Cybersecurity legislation in the U.S. Senate was designed to avoid unmanageable costs to industry and can be altered in coming weeks, Senate Majority Leader Harry Reid told the nation’s largest business lobbying group.
Reid, a Nevada Democrat, responded in a letter to concerns raised by the U.S. Chamber of Commerce that a planned cybersecurity bill may increase costs and place too many rules on companies. The measure may be introduced as early as next week.
“You are absolutely right that a regulatory framework creating bureaucratic redundancy, over-intrusive requirements, and unmanageable costs is counterproductive and contradictory to the spirit of public-private partnership that must drive our nation’s cybersecurity efforts,” Reid wrote to U.S. Chamber president Thomas Donohue yesterday.
U.S. lawmakers and regulators say legislation is needed to fight increasingly sophisticated cyber attacks by Chinese hackers, criminal groups and activists that jeopardize an estimated $398 billion in domestic research and threaten to disrupt power grids, banks and communications networks.
Reid has said he plans to bring the bill to the Senate floor as soon as possible. The Senate Homeland Security and Governmental Affairs Committee scheduled a Feb. 16 hearing on the legislation.
U.S. lawmakers should more thoroughly vet provisions in the measure that would give the Homeland Security Department power to regulate companies that own and operate U.S. networks, Bruce Josten, the Chamber’s executive vice president of government affairs, wrote in a Jan. 30 letter to Reid and Minority Leader Mitch McConnell, a Kentucky Republican.
“Rushing forward with legislation that has not been fully vetted would be a major mistake,” Josten wrote. “Layering new regulations on critical infrastructure will harm public-private partnerships, cost industry substantial sums on compliance, and not necessarily improve economic and national security.”
In his letter, Reid said many of the issues raised by the Chamber were addressed in bill revisions. He said the legislation has been “carefully crafted and narrowly tailored,” and he pledged to hold a “fair and reasonable” amendment process when the bill comes to the Senate floor.
Tom Ridge, the former U.S. Secretary of Homeland Security and current leader of the Chamber’s national security task force, plans to testify on the group’s behalf at next week’s hearing, Matthew Eggers, the group’s director of national security and emergency preparedness, said today in an e-mail.
“Ridge will emphasize the need to pursue positive measures, like information-sharing, in place of measures that will lead to prescriptive regulations, which run counter to effective security for the business community,” Eggers said.
Ability to Intervene
“Without some ability to intervene -- in a targeted and efficient way -- to ensure a certain level of protection in this narrow set of key infrastructure, the government cannot adequately protect its citizens,” Reid wrote.
The bill would give the Homeland Security Department the authority to identify computer systems that may cause mass casualties or catastrophic economic damage when attacked, Leslie Phillips, spokeswoman for the Senate Homeland Security and Governmental Affairs Committee, said in an e-mail today.
The agency would work with companies to set standards for network security, focusing on those that are least secure, she said. Companies would have to show that their networks are secure through self assessments or third-party audits, or face penalties.
“There is no question that the Senate has considered cybersecurity legislation as thoroughly and as conscientiously as any legislation in many years,” Reid said.
To contact the reporter on this story: Chris Strohm in Washington at email@example.com
To contact the editor responsible for this story: Michael Shepard at firstname.lastname@example.org nh