House GOP seeks focus on small cyber firms

House Majority Leader Kevin McCarthy

WASHINGTON — House lawmakers are expected to pass legislation this week to encourage the Obama administration to engage more with small, startup cybersecurity firms, an effort supporters say could benefit Maryland's burgeoning cyber industry.

The legislation, which is set for House passage Tuesday, would require the Department of Homeland Security to develop a plan to collaborate with emerging tech firms as the government and private companies wrestle with cyberattacks.


Thanks largely to the National Security Agency based at Fort Meade in Anne Arundel County, Maryland is home to an estimated 1,224 private cyber firms employing more than 10,000 people. The state Commerce Department estimated in 2014 that almost half of those firms employ fewer than 10 people.

House Majority Leader Kevin McCarthy, who is pushing the legislation in Congress as part of a broader effort to encourage innovation, visited the Federal Hill headquarters of ZeroFOX on Monday. The company has designed a system to patrol social media sites for people working to hack the military, the government and other organizations.


"This is a place that actually unites both parties," McCarthy, a California Republican and longtime ally of Silicon Valley, said of the policy effort. "If we in government are in analog while the rest of the world is in digital, we're in trouble."

The Republican proposals would give the Department of Homeland Security six months to develop a strategic plan to better engage "innovative and emerging technology" firms.

The bills would encourage the department to create satellite offices in areas where cyber firms are growing. And it would reauthorize through 2020 a research and development program at the department that is set to expire this year.

The Senate has not passed such legislation, and so its prospects are uncertain.

Several observers described the effort as well intentioned, but noted deeper economic and policy challenges to improving cybersecurity.

Larry Clinton, president and CEO of the Internet Security Alliance, has called for a more robust public-private partnership that encourages investment, better information sharing and wider use of cyber insurance.

"We are naturally pleased that Congress wants to make sure that DHS has access to a pipeline of innovative cybersecurity projects," Clinton said in a statement. "But by itself, technology won't cure the cybersecurity problem. The main gap is an economic one."

Congress has wrestled for years with how to confront cyberattacks on private businesses, government agencies and other groups, such as the recent breach at the Democratic National Committee in which hackers gained access to emails of political aides and opposition research on presumptive Republican presidential nominee Donald Trump.


Lawmakers included language last year in a massive spending bill that provided some liability protections intended to make it easier for companies to share information. That legislation was signed by President Barack Obama in December.

The legislation to be considered by the House this week appear to have broad bipartisan support. Democratic Rep. C.A. Dutch Ruppersberger, who is among his party's most outspoken voices on cybersecurity, called the legislation a first step to help tech startups.

"When it comes to government procurement, we're still living in a floppy-disk world," said the Baltimore County lawmaker, formerly the top Democrat on the House Intelligence Committee. "If we want the federal government to start tapping into the cutting-edge innovations developed by cyber startups — including many right here in Baltimore — we have got to start cutting more red tape."

The Evening Sun

The Evening Sun


Get your evening news in your e-mail inbox. Get all the top news and sports from the

Evan Blair, the co-founder of ZeroFOX, said sharing incident data has already proved valuable in the private sector. He said that any government efforts to expand that progress would be helpful.

Blair said the targeting of U.S. citizens on social networks, as an entryway into their corporate or government networks, has become the "new normal."

Government agencies have spent billions building up their defenses against cyberattacks. But social networks often fall outside those layers of protection, which can leave the agencies helpless.


The company told The Baltimore Sun last year that it works with the State Department and the Department of Defense.

"A continued focus on cyber as a national security priority is key," Blair said.