Cybersecurity

Why Congress Hacked Up a Bill to Stop Hackers

GOP leaders and industry lobbyists were determined to kill it

“Based on my experience, very few people on the Hill get this.”—Shawn Henry, former FBI assistant directorPhoto illustration by 731; Photographs by Alamy

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Michael Riley and Eric Engleman

November 16, 2012 at 1:21 AM UTC

This article is for subscribers only.

BusinessWeek Cover Image (12_47, portrait_2x)

This article is part of the November 19, 2012 issue of businessweek.

On March 7, 2012, the Obama administration staged a mock cyberattack on the U.S. In a classified briefing for senators in the Capitol, FBI Director Robert Mueller, Department of Homeland Security Secretary Janet Napolitano, and other officials imagined a shutdown of New York City’s power grid that resulted in scores of deaths and billions of dollars in losses. Think Hurricane Sandy’s blackouts, only spread to all of Manhattan and the boroughs.

At the time, lawmakers were fighting over an administration-backed bill that would require the computer systems that control utilities, chemical plants, oil pipelines, and other “critical infrastructure” to be hardened against sabotage by hackers and foreign spies. Under the bill, the government would also share secret information about digital espionage with corporations that store sensitive data, helping them to protect against China and other governments that target U.S. industrial research and financial records. The U.S. is ill-equipped to cope with an Internet assault on the computers that undergird much of the economy, and no federal agency has the authority to compel companies to protect themselves. The bill, called the Cybersecurity Act of 2012, was intended to fix that—and the White House believed the mock attack would underscore its urgency.