The Obama administration pressed for swift passage of cybersecurity legislation by the U.S. Senate, countering concern from industry groups that the bill would bring unnecessary rules and extra costs.
The measure introduced this week would help strengthen computer defenses at banks, utilities and telecommunications companies by setting baseline standards and promoting information-sharing, Janet Napolitano, secretary of the Homeland Security Department, told a Senate panel today.
“Our nation cannot improve its ability to defend against cyber threats unless certain laws that govern cybersecurity activities are updated,” Napolitano said during a hearing of the Senate Homeland Security and Governmental Affairs Committee in Washington. “Quickly enacting this legislation would be an incredibly important step.”
The administration is at odds with the U.S. Chamber of Commerce, the nation’s largest business-lobbying group, on whether the bill would impose undue regulatory burdens on companies. Regulators and executives would work together to develop computer security requirements, Napolitano said.
The push for comprehensive cybersecurity legislation has intensified following attacks last year on companies including New York-based Citigroup Inc. (C), the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the world’s largest defense company.
U.S. lawmakers and regulators say rules are needed to fight more sophisticated cyber attacks from hackers in China, criminal gangs and terrorists capable of causing severe U.S. economic or national security damage. The government estimates hackers jeopardize an estimated $398 billion in U.S. corporate and other research.
Under the Senate bill, the Homeland Security Department would have the power to identify systems that may cause mass casualties or catastrophic economic damage when attacked. The agency would set regulations requiring operators of critical networks to improve security, while companies would have to prove their networks are secure or face penalties.
“A regulatory program would likely become highly rigid in practice and thus counterproductive to effective cybersecurity,” Tom Ridge, the first Homeland Security Secretary under President George W. Bush and now leader of a U.S. Chamber task force, said in prepared testimony for today’s hearing. “Added mandates are unnecessary, if not misguided.”
Chamber Favors Incentives
The Chamber said it favors incentives over new rules to defend vital computer systems, such as legislation in the U.S. House that would promote information sharing between the government and companies. The group asked the Senate to delay consideration of the bill to hold more hearings.
The Senate is scheduled to be on recess next week and today’s hearing may be the only such session before the bill is brought to the floor in early March, a senior Democratic Senate aide said during a briefing yesterday.
Senator John McCain, an Arizona Republican, criticized plans to advance the measure unveiled Feb. 14 for a final vote so soon after its introduction.
“To suggest that this bill should move directly to the Senate floor because it has been around since 2009 is outrageous,” he said. McCain was one of seven Senate Republicans who signed a letter to Majority Leader Harry Reid, a Nevada Democrat, and Minority Leader Mitch McConnell, a Kentucky Republican, calling for more hearings on the legislation.
‘Stymie Job Creation’
McCain said the legislation “would stymie job creation” and fails to include spending offsets. McCain said he and six senior Senate Republicans would introduce a competing measure that is more narrowly focused as soon as Feb. 27.
“We are left with no choice but to introduce an alternative cybersecurity bill,” he said. “The fundamental difference in our alternative approach is that we aim to enter into a cooperative relationship with the entire private sector through information sharing, rather than an adversarial one with prescriptive regulations.”
Senators supporting the legislation disputed arguments that new cybersecurity regulations would hurt companies.
“There is nothing in the bill that would stifle innovation,” Senator Joe Lieberman, a Connecticut independent and chairman of the committee, said during the hearing. “Owners would have the flexibility to meet performance requirements with whatever hardware or software they chose so long as it achieves the required level of security.”
Senator Susan Collins, a Maine Republican who sponsored the bill, said Congress would be irresponsible if it doesn’t pass cybersecurity legislation “due to turf battles or claims by some businesses that we are somehow harming our economy.”
To contact the editor responsible for this story: Michael Shepard at firstname.lastname@example.org