The U.S. Homeland Security Department should work with companies in setting cybersecurity standards, said Wes Bush, chief executive officer of Northrop Grumman Corp. (NOC), one of the nation’s largest defense contractors.
“The notion of having DHS involved with industries in a partnership approach to ultimately lead to standards setting, I think that’s the right idea,” Bush said yesterday at an event in Washington.
Standards can help companies focus their investments on cybersecurity measures that work, Bush said in response to questions after a speech at George Washington University.
The role of the Homeland Security Department is central to a debate in Congress over how to shield U.S. infrastructure from digital attacks. U.S. lawmakers are considering cybersecurity measures following assaults last year on companies including New York-based Citigroup Inc. (C), the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the world’s largest defense company.
Senate Democrats and President Barack Obama support a bill unveiled on Feb. 14 that would let the Homeland Security Department set regulations for operators of critical networks to improve cyber defenses.
Under the measure, introduced by Senator Joe Lieberman, a Connecticut independent, companies would have to prove their networks are secure or face penalties.
A series of competing bills favored by Senate and House Republicans would avoid creating new regulations while encouraging companies to share information on cyber threats with each other and the government through voluntary incentives, such as protection from lawsuits.
Bush said he also favors information sharing and said legislation should help make such data exchanges easier for companies.
“Sharing threat information between businesses and of course between government and business is absolutely necessary in the fight to defend a company’s digital information,” he said.
Northrop Grumman participates in the Defense Industrial Base initiative, a government test program for sharing classified data on cyber threats with defense contractors.
Companies including AT&T Inc. and Comcast Corp. (CMCSA) have also said they support voluntary sharing of information on digital threats while opposing new government regulations for cybersecurity.
To contact the reporter on this story: Eric Engleman in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Bernard Kohn at email@example.com