Lawmakers join forces on cybersecurity legislation

Senate committees coordinate on a comprehensive bill to strengthen protections against hackers.

Sen. Joe Lieberman said the Homeland Security Department "has not done well." Scott Audette/AP

Senators from several committees are working together to craft comprehensive cybersecurity legislation by the end of the year, the head of a key oversight committee said on Monday.

Lawmakers are open to a range of legislative options aimed at better protecting Web sites against hackers and improving cooperation between the federal government and private sector, said Sen. Joseph Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee. Possibilities include introducing cybersecurity requirements for private sector firms, he said.

The Homeland Security Department "has not done well," Lieberman said after a hearing. "They are not doing enough on cybersecurity in my opinion."

Movement toward a comprehensive bill comes after Senate Majority Leader Harry Reid, D-Nev., asked lawmakers to combine efforts, according to Lieberman. Several senators, including Sens. Olympia Snowe, R-Maine, and Tom Carper, D-Del., have introduced their own cybersecurity bills.

The Homeland Security and Governmental Affairs Committee will work with the Armed Services, Commerce, Intelligence and Judiciary panels on the legislation, according to Lieberman.

Monday's hearing featured testimony on the growing sophistication of hackers and organized crime elements seeking to commit online theft and fraud.

"There's a general movement toward coordinated attacks," said Philip Reitinger, deputy undersecretary for the National Protection and Programs Directorate at DHS. "In the 1990s hackers were doing things that were more annoying than anything else. ... That's not the world we're in anymore. Hackers are after information of value and actual money. They are targeting attacks where they can get value."

Sen. Susan Collins, R-Maine, ranking member of the committee, expressed concern that businesses targeted by online criminals might not know which federal agency or law enforcement organization to contact because of overlapping jurisdictions. Reitinger noted there are a number of avenues through which citizens can report online crimes and agreed that more education and outreach are necessary to raise awareness of the threat.

Witnesses repeatedly asserted that improving authentication is critical to protecting networks and safeguarding citizens' personally identifiable information.

"There's little we could do that's more effective than implementing strong authentication mechanisms that are available for people's use with privacy protections built in," Reitinger said.

Lieberman asked the witnesses if any additional laws or regulations would assist them in protecting the nation's networks, such as introducing minimum security standards or requiring certification for private sector companies.

"Those are big steps to take and we're not going to take them lightly or without adequate consideration," he said. "But we're going to throw ideas out there to show we're considering a wide range of options."

Michael Merritt, assistant director of the Secret Service's Office of Investigations, said new laws were unnecessary and that existing statutes provide enough basis for authorities to pursue cyber criminals.