McCaul: Senate Must Pass Cyber Security Bills

The Chairman of the House Committee on Homeland Security slammed colleagues in the Senate for what he said is an unacceptable delay in passing desperately needed cyber security legislation.

The National Cybersecurity Protection Advancement Act, sponsored in part by Rep. Michael T. McCaul, R-Texas, received 355 votes when it came before the House in April. Since then, it has been languishing in the Senate as countries launch cyber attacks on the United States, he said June 24. And in the wake of the Office of Personnel Management cyber intrusion, where millions of federal employee’s personal data was stolen, it is imperative work begin in earnest, he said.

“It’s sitting over there in the Senate. You would think after this breach of enormous proportions that the Senate would start to act on this bill,” he said during a National Journal-sponsored discussion in Washington, D.C. “I don’t think we have time to wait and yet they continue to wait over there.”

The United States is facing an unprecedented amount of attacks from around the world, he said. Whether it is Russia, North Korea, China or Iran, a robust cyber security information-sharing framework would help mitigate intrusions, he said.

McCaul said he was confident that if his cyber security bill were presented to President Barack Obama tomorrow he would sign it into law.

“It would greatly enhance our ability to protect Americans from nation states sponsors like China and North Korea and Iran from attacking Americans in the private sector and also the federal government,” he said. “I can’t express enough how important it is to get these bills passed and how irresponsible it is not to.”

McCaul said the bill balances privacy with security. Getting that balance right has been tricky in the past, he said. “What has been the problem? Why hasn’t it worked before? Well, we haven’t had liability protection and without liability protection you cannot incentive true information sharing,” he said.

“This bill has the strongest liability protection that we could possibly write to incentive the private sector to participate,” he said.

Under the bill’s provisions, companies would share information about breaches with the government and with other firms, if they chose. That is critical because 80 percent of threats and malicious codes exist in the private sector, McCaul said.

The Department of Homeland Security would lead the effort, he said. “DHS can’t spy on you. DHS can’t prosecute you. The way it’s set up … [is] truly an information sharing process. The information can only be used under the bill for cyber security purposes only.”

There must be action as attacks become more frequent and nefarious, he said.

“We’re going beyond just credit card theft. We’re entering the age of espionage and cyber warfare,” he said. “I’ve seen our offensive capability, it’s very impressive. That capability turned against us could be devastating.”

The recent OPM breach was for espionage purposes and is the most significant intrusion against the federal government ever, he said.

“I would say it’s espionage because of they way it was done. [It] was big data theft. We didn’t see a deluge of credit card theft after this. It was just a huge data theft to mine that data and use and compromise Americans,” he said.

McCaul said if his bill had been turned into law it could have prevented the OPM attack.

He pinned the attack on China, although Adm. Michael Rogers, head of the National Security Agency and commander of U.S. Cyber Command recently said thenation may not have been responsible for it.

Topics: Cyber, Cybersecurity