(For other news from Reuters Cybersecurity Summit, click on http://www.reuters.com/summit/Cyber13)
* White House, lawmakers talking
* Lawmakers more educated this time around
* Cyber attacks, espionage major threat to U.S.
By Deborah Charles and Alina Selyukh
WASHINGTON, May 16 (Reuters) – Six months after a U.S.
cybersecurity bill died in the Senate, some Obama administration
officials and lawmakers are optimistic they can get a new law
passed amid heightened public awareness of hacking attacks and
cyber espionage.
With top intelligence officials warning that cyber attacks
have replaced terrorism as the leading threat against the United
States, the White House and lawmakers have spent months
discussing how to improve the flow of information between the
government and the private sector.
A second go-around for the Cyber Intelligence Sharing and
Protection Act (CISPA) was approved by the Republican-controlled
House of Representatives in a bipartisan vote on April 18,
though the White House has again threatened to veto the bill
unless more protections for privacy and civil liberties are
added.
Still, senior Obama administration officials say
behind-the-scenes talks with lawmakers this time around are
constant, more serious and more productive.
“I actually think that the outlook is significantly better
than it was last year,” the White House cybersecurity policy
coordinator, Michael Daniel, told the Reuters Cybersecurity
Summit in Washington this week. “What has impressed me has been
the willingness of everybody involved to actually continue
having those discussions and to continue that extensive level of
dialogue trying to find some solutions.”
While Daniel cautioned that it is never easy to get the
divided House and Senate to agree to anything, he predicted that
final cyber legislation might be seen by the fall.
“A lot of us are concerned about getting a good piece of
cybersecurity legislation before something really bad happens.
As a general rule, legislation that is produced immediately
after a crisis is not as good as the stuff that can be done when
it’s more thought-out,” he said.
Last year, the Senate failed to pass a comprehensive
cybersecurity bill that combined information-sharing provisions
similar to those in the current CISPA with voluntary
cybersecurity standards for businesses that control critical
U.S. infrastructure.
Since then, President Barack Obama has signed an executive
order that directs government officials to set voluntary
standards to reduce cybersecurity risk and offer incentives to
private companies to adopt them.
A series of high-profile cyber attacks – such as repeated
disruptions of the online banking sites of major U.S. banks, or
markets plunging on a fake message on the AP Twitter feed about
a White House bombing that never happened – have built momentum
behind cyber legislation.
SEPARATE BILLS
The Senate does not plan to vote on CISPA, but is expected
instead to take up its own cyber-related bills. On Wednesday,
Senate Intelligence Committee Chairman Dianne Feinstein, a
California Democrat, said her panel was drafting a version of an
information-sharing bill.
Congressional aides said staff and lawmakers from both sides
of the aisle are constantly meeting on the issue. One Senate
aide said it was a collaborative process to agree on multiple
key elements to make the overall law stronger.
Representative Mike Rogers, chairman of the House
intelligence committee and CISPA co-author, said key senators
including Feinstein were “completely all in” on the need to pass
a cybersecurity law. The Michigan Republican predicted that
House and Senate lawmakers could work out an agreement on at
least an information-sharing bill.
“I think we’re finally coming to the consensus here that
hey, let’s pass what we can pass and take another bite. This
isn’t the end-all cure-all,” Rogers told the summit.
He said a meeting was scheduled this week – with more to
come – between the House and the Senate to discuss in detail the
elements of cyber legislation and see where compromise could be
reached, without starting completely from scratch.
Rogers predicted that if a bill could pass through both
houses of Congress, Obama would sign it despite the veto threat.
URGENT NEED
Top administration officials have underscored the urgent
need for laws that would complement Obama’s executive order and
help ensure the government and the private sector are on the
same page when it comes to threats posed to critical U.S.
infrastructure.
Homeland Security Secretary Janet Napolitano said many
lawmakers received classified briefings last year on cyber
threats, and better education on cyber risks means “we’re
starting from a much better base” on legislation.
“There’s a lot of work going on behind the scenes,”
Napolitano told the summit. “There are many fewer concerns than
there were last time around.”
But officials acknowledge that hurdles remain. For example,
some senators, like Homeland Security Committee Chairman Tom
Carper, prefer a more comprehensive bill.
“While information sharing is an important part of our
efforts, it is only one of many elements needed to properly
bolster our cyber defenses,” Carper, a Delaware Democrat, said
in a statement.
Other issues he says he would like to address in legislation
include protections for critical infrastructure, security of
federal agency networks, cyber workforce development and
notification of data breaches.
Some private industry security experts were skeptical about
the prospects for broad legislation, as well as the
effectiveness of such laws in preventing cyber attacks. Shane
Shook, chief knowledge officer at cybersecurity services company
Cylance Inc, suggested the private sector should organize
information sharing itself.
“Comprehensive legislation is never going to happen that can
be effective over all 18 sectors,” Shook told the summit.
Ira Winkler, president of the Information Systems Security
Association, said he was skeptical that any meaningful
legislation would pass this year, barring a major cyber attack
that damaged U.S. infrastructure.
“We hear about wake-up calls, but people keep hitting the
snooze button,” he said.
(Additional reporting by Andrea Shalal-Esa and Thomas Ferraro;
Editing by Tiffany Wu and Mohammad Zargham)
