Lobbying Congress and NIST About Cybersecurity: U.S. Chamber of Commerce Spends Million$

As we discussed in our recent podcast episode on cybersecurity and privacy legal strategy, keeping up with new laws in the space is like a game of whack-a-mole.

And the United States Chamber of Commerce is playing the game.

Its lobbying report for 2019 shows the organization spent more than $58 million lobbying in Washington D.C. during the year, and on dozens of occasions that meant lobbying for cybersecurity.

Which cybersecurity legislation did the U.S. Chamber try to influence?

According to the federally mandated lobbying report, the U.S. Chamber of Commerce lobbied elected officials regarding more than a dozen pieces of cybersecurity-related legislation. Here is the list:

•  H.R. 1731, Cybersecurity Disclosure Act of 2019
•  H.R. 739, Cyber Diplomacy Act of 2019
•  H.R. 1158, Consolidated Appropriations Act, 2020
•  H.R. 1668/S. 734, IoT Cybersecurity Improvement Act of 2019
•  H.R. 1731/S. 592, Cybersecurity Disclosure Act of 2019
•  H.R. 2500/S. 1790, National Defense Authorization Act for Fiscal Year 2020
•  H.R. 2968/S. 2474, Department of Defense Appropriations Act, 2020, including provisions relating to operational cybersecurity
•  H.R. 3256, Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2019
•  H.R. 3270, Active Cyber Defense Certainty Act
•  H.R. 3320, Securing the Homeland Security Supply Chain Act of 2019
•  H.R. 3710, Cybersecurity Vulnerability Remediation Act
•  H.R. 3719, CTPAT Reauthorization Act of 2019
•  H.R. 4998, Secure and Trusted Communications Networks Act of 2019
•  S. 602, Cyber Deterrence and Response Act of 2019
•  S. 893, Secure 5G and Beyond Act of 2019
•  S. 1625, United States 5G Leadership Act of 2019
•  S. 2664, Cyber Shield Act of 2019
•  S. 2775, Harvesting American Cybersecurity Knowledge Through Education (HACKED) Act of 2019
•  S. 3045, Cybersecurity Vulnerability Identification and Notification Act of 2019
•  Draft legislation titled Cyber SAFETY Act
•  Draft legislation titled SECURE Small Business Act
•  Draft legislation titled Cyber Collaborative operations Act

On which cybersecurity topics did the U.S. Chamber lobby agencies?

U.S. Chamber of Commerce lobbyists were also extremely busy running around Washington D.C. talking to government agencies working on cyber-related policies and committee appointments. 

The Chamber's disclosure form lists the following:

• Nomination of William Evanina to lead the National Counterintelligence and Security Center (NCSC)
• National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity
• small and midsize business cybersecurity assistance
• 5G
• cybersecurity protections
• cyber workforce, including cybersecurity professionals securing business and government networks
• apprenticeships
• cyber incident reporting of breaches, hacks, and other security incidents
• Internet of Things (IoT) security
• Office of the Director of National Intelligence (ODNI) cyber customer services
• Bureau of Industry and Security final rule, addition of entities to the entity list

This one, the BIS Entity List, relates to Huawei and affiliated companies. Listen to our podcast interview with Any Purdy, Chief Information Security Officer of Huawei USA: "Can You Trust Huawei?"

• Bureau of Industry and Security final rule, temporary general license;
  Department of Commerce proposed rule, securing the information and communications technology and services supply chain
• Department of Defense Cybersecurity Maturity Model Certification (CMMC) v.06/v.07
• Department of Defense, General Services Administration, and NASA interim rule, Federal Acquisition Regulation: Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment
• Executive Order 13873, Securing the Information and Communications Technology and Services Supply Chain
• draft NIST Interagency Report (NISTIR) 8259, Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point of IoT Device
• China's intellectual property regime industrial policies and cybersecurity issues

[RELATED: U.S. Chamber of Commerce 2019 Lobbying Disclosure Form]

How can organizations keep up with privacy and security laws?

As much movement as there is at the national level, there is an even greater legal evolution taking place at the state level when it comes to cybersecurity and privacy legislation.

If your organization is unsure how to approach this, or worse, is burying its head in the sand, listen to our podcast interview with cyber attorney Jordan Fischer.

It is a surprisingly optimistic look at where and how organizations can strategically approach so many moving targets.