recommended reading

Any cybersecurity bill is better than no bill, senate panel told

Thinkstock

A panel of security experts urged Congress on Wednesday to do something—anything—to combat cyberthreats to the United States.
 
The panel of witnesses before the Senate Homeland Security and Governmental Affairs Committee had specific recommendations, but with a nearly unified voice they all agreed that moving ahead with any current legislative proposals is better than doing nothing.
 
“If we don’t act now, I can assure you that whatever comes after something bad happens will be much more draconian and not as constructive as it could be,” Frank Cilluffo, director of George Washington University's Homeland Security Policy Institute, told the committee.
 
Senate Majority Leader Harry Reid, D-Nev., has said he wants to move forward with floor debate on the Cybersecurity Act of 2012 by the end of July.
 
The bill is championed by leaders of the Senate Intelligence, Commerce, and Homeland Security committees, including Homeland Security panel Chairman Joe Lieberman, ID-Conn. But the bill has been delayed for months because some Republicans don’t want the Homeland Security Department to have the authority to help set security standards for some private networks.
 
But former National Security Agency and Central Intelligence Agency Director Michael Hayden said all the proposals on the table, including standards, information sharing between businesses and government, and a potential increased role for U.S. intelligence agencies, should be enacted.
 
Any potential problems can be ironed out later, he said. “I’d do them all. And I would keep an open mind a adjust fire in a year or two.”
 
Earlier this week, the head of the U.S. Cyber Command, Gen. Keith Alexander, urged lawmakers in a speech to enact a bill before a catastrophic attack leads to an overreaction.
 
RAND Corp. terrorism analyst Brian Michael Jenkins said any bill won’t be 100 percent right. But, he said, “It’s important to get these things moving rather than finding the absolute perfect legislation."
 
That did not sit well with Senate Armed Services Committee ranking member John McCain, R-Ariz., who is a chief critic of Lieberman’s Cybersecurity Act and who has introduced competing cybersecurity legislation of his own.
 
Invoking the Hippocratic oath, McCain rebuked the witnesses for not acknowledging the potential harms he sees in giving government officials the authority to set security standards. “The first principle is do no harm,” McCain said. “The thing we don’t want to do is do something wrong.”
 
McCain and other Republican committee leaders are pushing their own bill, which mirrors many of the Cybersecurity Act’s proposals such as encouraging businesses and government to share cyberthreat information with each other, but leaves out any new authority to set standards.
 
Several compromise proposals are in the works that would soften some of the standards proposals.
 
But many of the proposals are still eliciting pushback from businesses, which don’t want new regulations, and civil liberties advocates, who fear information sharing could undermine privacy.
 
The latest United Technologies/National Journal Congressional Connection Poll found that despite expressing concern over cyberthreats, a majority of Americans don’t favor information sharing because of privacy concerns, and are opposed to government-set standards.
 
Homeland Security Committee ranking member Susan Collins, R-Maine, has held on as the lone GOP cosponsor of the Cybersecurity Act. She said the protection of critical networks such as those connected to electric grids and water-treatment plants can’t be left up to voluntary measures.
 
Waiting to act, Collins said, is risking a catastrophic cyberattack.
 
“I can think of no other area where the threat is greater and we’ve done less to counter it,” she said.

Threatwatch Alert

Stolen laptop

3.7M Hong Kong Voters' Personal Data Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.