Hope for House Cybersecurity Bill in Lame Duck Session

A new, undisclosed cyberthreat may rekindle the debate on a House cybersecurity bill during the upcoming lame duck session, the chairman of the House Intelligence Committee said Oct. 4.
Rep. Mike Rogers, R-Mich., would not provide further details about the threat, including where it originated, but called out Iran as an unpredictable cyber-actor.
Rogers said at a U.S. Chamber of Commerce conference that he has conferred with his counterparts in the Senate about the threat. It would target networks in the United States from “an unusual source that has some very real consequences if we're not able to deal with it,” he said.
As for Iran, Rogers asked whether leadership there will make a rational decision on whether to launch a cyber-attack. “And by the way, I think they’re closer than we would all like them to be to come in and cause trouble in our financial services network.”
The bill, known as the Cyber Intelligence Sharing and Protection Act, or CISPA, passed in the House in April, but Obama has threatened to veto it even if it passes in the Senate. The administration opposed the bill for failing to protect privacy and allowing companies to be shielded from lawsuits. Rogers was cautious in describing the level of Senate support for the legislation, calling "momentum" too strong of a word choice.
If passed, CIPSA would allow the director of national intelligence to establish mechanisms allowing private industry and the government to share information on cyberthreats. However, groups such as the American Civil Liberties Union have criticized the bill, saying that this level of information sharing would allow the government to have too much private information about consumers.
Cyber Command Commander Army Gen. Keith B. Alexander tried to assuage the fears of businesses that are wary of government regulation.
"We don't need the government in our networks to do this, nor does the government want to be in there, looking in our networks for a whole host of reasons,” Alexander said during a speech. “But somebody has got to tell us where the problem is."
 
He called intellectual property theft the largest transfer of wealth in history and called on businesses to work with the intelligence community to stop the bleeding.
It was a welcome, but not entirely convincing message for industry members who in August helped defeat a Senate cybersecurity bill, which Alexander supported. The Chamber of Commerce has criticized the legislation as being too burdensome and costly even though the bill's cosponsors scaled back regulations, making them voluntary instead of mandatory.
Former Department of Homeland Security Secretary Tom Ridge blasted Congress for inaction. Ridge is currently the chairman of the national security task force for the chamber.
"They [lawmakers] don't need a sense of urgency. They must have it," he said. "In spite of that sense of urgency, there's been little to no effort to build a consensus around the way forward to deal with this critical problem."
The business lobby is more welcoming toward legislation like CISPA, which is voluntary and is seen as sufficiently limited in scope.
Ridge said that government regulations would keep business from coming up with more advanced ways of dealing with the problem, and he touted information sharing as “the piece upon which we all agree."
Photo Credit: Istockphoto

Topics: Cyber, Cybersecurity