The U.S. House of Representatives raised the stakes in a debate with the White House over how best to improve the nation’s cybersecurity, passing a bill President Barack Obama called too weak and threatened to veto.
The Cyber Intelligence Sharing and Protection Act passed the House by 248 to 168 yesterday. The measure, introduced by Representative Mike Rogers, a Michigan Republican who heads the House Intelligence Committee, encourages the government and companies to voluntarily share data on cyber threats and gives businesses legal immunity for such exchanges.
“We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” Rogers said in an e-mailed statement after the vote. “America will be a little safer and our economy better protected from foreign cyber predators with this legislation.”
Lawmakers are debating cybersecurity legislation as fears intensify about the ability of cyber spies to steal U.S. intellectual property and the potential for digital disruption of vital U.S. infrastructure.
Hackers and illicit programmers in China and Russia are aggressively pursuing American technology and industrial secrets, jeopardizing an estimated $398 billion in U.S. research spending, the National Counterintelligence Executive, the agency responsible for countering foreign spying on the U.S. government, said in a November report.
The Obama administration “strongly opposes” the Rogers bill in its current form, according to an April 25 policy statement issued by the Office of Management and Budget.
The administration said the measure doesn’t do enough to protect the nation’s critical systems from cyber attacks and would erode privacy safeguards for consumer information. Civil liberties groups initiated a Web protest against the legislation last week, saying it would let too much personal data flow to the government without limits on its use.
“As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in an e-mailed statement after the House vote. “We encourage the Senate to let this horrible bill fade into obscurity.”
The White House supports a bill from Senator Joseph Lieberman, a Connecticut Independent, that would put the Department of Homeland Security in charge of regulating cybersecurity of the nation’s vital systems such as power grids and transportation networks. Senate Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring the Lieberman bill to the Senate floor without giving a date.
House Speaker John Boehner, an Ohio Republican, brushed aside the Obama administration’s veto threat yesterday, saying “the White House believes the government ought to control the Internet” by letting government alone set security standards.
Obama administration officials “are in a camp all by themselves” by favoring the creation of a “monster here in Washington to control what we are going to see or not see on the Internet,” he told reporters ahead of the vote.
The speaker called the Republican legislation the first of “common-sense steps to allow people to communicate with each other” to “build the walls that are necessary in order to prevent cyberterrorism.”
House Minority Leader Nancy Pelosi said the Republican-backed measure lacked important protections to safeguard critical infrastructure.
The “very dangerous” omission occurred because Republican leaders “did not want the regulation of the utilities that would truly protect us from a cyber attack,” the California Democrat told reporters before yesterday’s vote.
The House approved a series of amendments to the Rogers bill, including measures aimed at narrowing the types of information that can be shared and limiting what government can do with the data. The chamber passed a separate bill yesterday updating the government’s information-security controls, and passed two cybersecurity research-and-development bills today.
Lieberman and three other Senate co-sponsors of his measure called the House information-sharing and research bills “necessary but by no means comprehensive elements of a cybersecurity legislative strategy.”
“We are troubled House leaders blocked consideration of protections for critical infrastructure systems, ignoring the advice of our military and intelligence leaders as well as most cybersecurity experts,” Lieberman said today in an e-mailed statement, joined by Republican Susan Collins of Maine and Democrats Jay Rockefeller of West Virginia and Dianne Feinstein of California.
The senators said they look forward to passing their bill “so that we can conference with the House and produce legislation that secures the most critical systems on which all American people and businesses depend each day.”
The U.S. Chamber of Commerce, the nation’s largest business-lobbying organization, and trade groups including the Financial Services Roundtable back information-sharing between the public and private sectors and oppose new regulations on cybersecurity.
Such data-sharing programs have been attempted since the late 1990s during the Clinton administration and failed to provide any noticeable improvement in security, James Lewis, technology program director at the Center for Strategic and International Studies in Washington, said in an interview earlier this month.
Michael Chertoff, who was Homeland Security secretary under President George W. Bush, said he’s getting “more pessimistic” that a cybersecurity bill will become law.
“Outside groups” have created divisions on a non-partisan issue, Chertoff, co-founder of The Chertoff Group, a Washington-based security consulting firm, said in an interview today at Bloomberg’s Washington bureau.
The level of warnings about the Sept. 11 terrorist attacks is “infinitesimal” compared with warnings about threats to cybersecurity, he said.
If a bill passes, it’s probably going to focus on information sharing, he said.
The Rogers bill is H.R. 3523. The Lieberman bill is S. 2105.