Lawmakers Continue Clash Over Cybersecurity Legislation

Thursday, March 22, 2012



Lawmakers continue to clash over a myriad of proposed cybersecurity bills even as Congressional oversight committees are presented with testimony that underscores the urgency presented by an rapidly growing threat to national security.

“It is critical that we strengthen our cybersecurity posture, and we urge Congress to recognize the need for new tools to more effectively prevent and respond to potential cyber attacks on the homeland,” said assistant to the president for Homeland Security and Counterterrorism John Brennan.

Brennan's statements backup FBI Director Robert Mueller's statements made last week to a Senate oversight committee when he warned that terrorist groups are actively "using cyberspace to conduct operations."

"While to date terrorists have not used the Internet to launch a full-scale cyber attack, we cannot underestimate their intent," Mueller said.

In February, Senators Joe Lieberman, Susan Collins, John D. Rockefeller IV, and Dianne Feinstein jointly introduced the Cybersecurity Act of 2012 which was intended to reconcile multiple bills previously proposed for consideration.

The legislation enjoys strong bipartisan support, making it the leading contender for passage, but the bill could be held up for debate for some time.

"That’s the most comprehensive bill and probably the most likely to change behavior in the private sector. Without holding the private sector to a general standard, we haven’t really addressed the hardest issue," said former assistant DHS secretary Stewart Baker.

Despite having prompted the introduction of the Cybersecurity Act of 2012, Senate Majority Leader Harry Reid has plans to reintroduce legislation proposed by the White House last year - legislation that many private sector leaders say is too punitive in nature and would disincentivize companies from both investing in better security measures and from disclosing data loss events.

“That’s the part that could sink the whole bill,” said Internet Security Alliance Larry Clinton.

"There's really no doubt that they have proposed here developing a fairly extensive regulatory structure and again that is precisely the opposite of what the president himself promised when he released the cyberspace policy review back in 2009," Clinton stated during a taping of C-SPAN's "The Communicators" which aired last August.

The Obama administration's proposal is "a punitive model where we're trying to blame the victims of the attack. I don't think that the administration's proposal really does anything that I can see to enhance cybersecurity," Clinton had said.

Also in contention is a proposed bill offered by Senator John McCain which has less of a regulatory focus than the White House proposal, and instead seeks to break down barriers to threat intelligence sharing within government and with the private sector.

Critics have lambasted the bill over privacy concerns and argue it would give law enforcement and intelligence agencies too much access to private information that should not be subject to routine government oversight.

Yet another bill proposed by Representatives Mike Rogers and Dutch Ruppersberger seeks to provide the private sector with immunity from legal repercussions like class action lawsuits from consumers and investors in order to foster a willingness be more forthright in the aftermath of major data loss events.

"The one thing you can say about Congress is they've been persuaded that the threat is real. There’s a sense we don’t want to make the mistake we made in the 1990s about al Qaeda and 9/11," said the Center for Strategic and International Studies' James Lewis.


Possibly Related Articles:
Government Internet Security Alliance Cyber Security Headlines legislation Congress National Security White House Senate Cybersecurity Act of 2012
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked