Cybersecurity Lobby Surges as Congress Considers New LawsEric Engleman and Jonathan D. Salant
The determination by Congress and President Barack Obama’s administration to protect networks of critical U.S. industries from hackers and cyberspies is creating an explosive growth opportunity -- for lobbyists.
There were 513 filings by consultants and companies to press Congress on cybersecurity by the end of 2012, up 85 percent from 2011 and almost three times as many as in 2010, according to U.S. Senate filings. Twelve firms have submitted new registrations this year on behalf of companies including Google Inc.’s Motorola Mobility unit, Symantec Corp., United Parcel Service Inc. and Ericsson Inc., the U.S. subsidiary of Stockholm-based Telefonaktiebolaget LM Ericsson.
“Cybersecurity is a lobbyist’s dream,” Rogan Kersh, provost at Wake Forest University in Winston-Salem, North Carolina, who researches political influence, said in an interview.
Washington’s plan to fight attacks had Raytheon Co. and Lockheed Martin Corp., which want to sell security products, lobbying on cyber bills and appropriations. Sectors targeted by hackers, such as banking and energy, have their trade groups pushing for liability protection for sharing threat information. Verizon Communications Inc. told lawmakers it wants “greater cybersecurity without technology mandates or prescriptive rules.”
Companies want to discuss issues including what kind of impact government-issued security practices will have on corporate supply chains, said Avivah Litan, Washington-based cybersecurity analyst at technology research firm Gartner Inc.
“This is going to be a titanic clash, and when that kind of industry power is aligned against each other, lobbyists start sharpening their knives and forks,” Kersh said.
The interest in influencing cybersecurity policy tracks more urgent warnings by the administration and Congress that more action is needed to stop Chinese online espionage and potential digital sabotage of vital infrastructure such as power grids.
Obama issued an executive order in February directing the government to develop voluntary cyber standards for privately-held assets considered critical to national security, and to increase sharing of cyber attack information with companies.
Companies “used to think they could ignore this issue or sweep it under the rug,” Mark Warner, a Virginia Democrat who sits on the Senate Commerce and Intelligence committees, both of which have considered cyber bills, said in an interview.
A Feb. 19 report from security firm Mandiant Corp., concluding the Chinese army may be behind a hacking group that has hit at least 141 companies worldwide since 2006, has altered the debate, Warner said.
“There’s more and more recognition, industry by industry, that the sheer volume of threats can’t be hidden anymore,” he said.
The Department of Homeland Security will identify industries subject to the executive order. While standards are to be voluntary, the order instructs U.S. agencies to consider making them regulations for critical industries they oversee.
“We want to be prepared to weigh in and help guide or inform those processes as appropriate,” Ladeene Freimuth, a lobbyist for the GridWise Alliance, a Washington-based group representing electric utilities including Pepco Holdings Inc. and Duke Energy Corp., said in an interview.
The alliance, which first registered to lobby on cybersecurity March 2, supports a proposal by House Intelligence Committee Chairman Mike Rogers, a Michigan Republican, giving liability protection to companies that share threat information, Freimuth said. The group favors “flexible” regulation that doesn’t duplicate existing standards, she said.
The White House is urging Congress to pass legislation to fill in gaps it couldn’t address in the executive order. Lawmakers, who failed to pass a cyber bill last year amid disagreements over the role of government and privacy protections for consumer data, have returned to the topic in recent weeks with hearings and new proposals in the House.
Banks, telecommunications companies and energy companies, which have been targeted for attacks, are pushing for better sharing of threat and attack details from government. They also want to be protected from privacy lawsuits if they share information on customers, and from negligence suits for failing to act on warnings.
The National Retail Federation lobbied the Senate on its “Cybersecurity Act of 2012,” as did 3M Co., which also discussed the bill with Homeland Security and the Justice Department, according to Senate filings.
The Association of American Railroads lobbied on Rogers’ Cyber Intelligence Sharing and Protection Act, which passed a floor vote in the House last year and has been reintroduced this session, records show. The National Cable and Telecommunications Association, meanwhile, lobbied on bills in Congress while also discussing the formation of the White House cyber executive order with DHS, the group’s filings said.
Senate Commerce Committee Chairman Jay Rockefeller, a West Virginia Democrat, in September asked all Fortune 500 chief executive officers about their companies’ cybersecurity practices and their views on the federal government’s role in improving computer defenses.
That made companies realize cybersecurity would gain a higher profile in Washington, said Jessica Herrera-Flanigan, a partner at Monument Policy Group, a lobbying firm representing Boeing Co., Microsoft Corp., and LinkedIn Corp.
“Companies are realizing that it’s important to engage with Congress and with the administration to ensure they have input on the development of laws, rules and regulations that affect them,” said Herrera-Flanigan, a former staff director for the House Homeland Security Committee.
Among those registered to lobby on the issue for Ericsson are Rhod Shaw, former chief of staff to Senator Sherrod Brown, an Ohio Democrat; Jared Weaver, former deputy chief of staff to Representative Anna Eshoo, a California Democrat; and Ansley Erdel, who formerly worked for Georgia Republican Nathan Deal.
Lobbyists for Google’s Motorola Mobility unit include Elizabeth Frazee, former counsel for Representative Bob Goodlatte, a Virginia Republican who became chairman of the House Judiciary Committee this year.
The UPS lobbying team on cyber includes Jeff Forbes, former staff director of the Senate Finance Committee and chief of staff to the panel chairman, Max Baucus, a Montana Democrat.
Spokesmen Jimmy Duvall of Ericsson and Cris Paden of Symantec didn’t respond to requests for comment. A UPS spokeswoman, Kara Ross, declined to comment, as did William Moss, a spokesman for Motorola Mobility.
“The new frontier is cyberwar in terms of our national defense,” Gartner’s Litan said. “I’m not surprised the lobbyists are ramping up.”