A House Republican proposal for safeguarding U.S. computer networks from hacker attacks shares some common ground with the cybersecurity policy advocated by the Obama administration.
Congress should seek to strengthen cyberdefenses for power grids, water systems and other U.S. infrastructure, and toughen criminal penalties for computer intrusions, a task force of 12 House Republicans said in a report released yesterday.
Unlike the Obama administration, the task force favored using a voluntary approach to encourage industry to bolster network protections. Still, the lawmakers’ recommendations parallel key elements of proposals issued by the White House in May, according to James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies in Washington.
“There’s a lot of overlap with other legislation and some with the administration’s proposal,” Lewis said in an e-mail of the Republicans’ 20-page report. “It gives everybody involved a solid basis to work from.”
U.S. officials and lawmakers have become increasingly concerned that government and corporate systems are vulnerable to cyber attacks from criminal groups and countries seeking to disrupt operations or siphon off sensitive data.
“Every single day intellectual property, whether it’s blueprints or formulas or business plans, are stolen from businesses in the United States of all sizes,” Representative William “Mac” Thornberry, a Texas Republican who led the House task force, said at a news conference yesterday. “We need to take action for our national security but also for our economic security.”
Hours before Thornberry spoke, Anonymous, a group of self-styled hacker-activists, vowed to support the Occupy Wall Street protests by erasing the New York Stock Exchange “from the Internet” on Oct. 10, according to a video message posted on YouTube. The group launched attacks in December against the sites of MasterCard Inc. and Visa Inc.
The House Republicans said they did not favor far-reaching cybersecurity legislation aimed at resolving multiple network-defense issues with a single measure. Senate Majority Leader Harry Reid, a Nevada Democrat, is compiling a comprehensive cybersecurity bill on his side of Capitol Hill.
Reid’s office didn’t immediately respond to e-mails requesting comment.
The Obama administration is reviewing the Republicans’ recommendations, said White House spokeswoman Caitlin Hayden. “We remain committed to the passage of cybersecurity legislation, and look forward to working in a bipartisan, bicameral manner,” she said.
White House Plan
The proposal released in May by the White House envisions having the Homeland Security Department assist companies that operate critical infrastructure on improving their cyberdefenses. Under the White House plan, companies would submit their cybersecurity plans to commercial auditors, and the department would intervene to improve plans that are deemed insufficient by the agency.
The Republican task force instead recommended non-binding industry standards and voluntary incentives for improving cybersecurity and expressed skepticism about assigning federal agencies to grade the network defenses of private businesses.
“Threats change and adapt rapidly,” the report said. “Change occurs so fast in this area that attempts to directly regulate a specific cybersecurity solution will be outdated by the time it is written.”
Areas of Agreement
Thornberry cited other areas of agreement with the White House, including the need to simplify data-breach reporting requirements for companies, update information-security standards for government agencies, and boost recruitment of qualified cybersecurity workers.
The recommendations “reflect a deliberative and consultative approach, so they are well-informed about what can be effective,” Liesyl Franz, vice president of cybersecurity and global public policy for TechAmerica, a Washington-based technology industry trade group, said in an e-mail.
The Republican task force also said it favored creating an information clearinghouse, outside of government, to allow agencies and companies to share real-time data on cyber attacks.
Franz praised the task force’s “effort to remove existing barriers to information sharing, which is so crucial for moving at the speed of technology.”