Mar 28, 2012
"It's not just a national security problem, it's a national interest problem ... our economic prosperity is also threatened" ... Tim Scully, former head of the Defence Department's Cyber Security Operations Centre.
US companies and the US government would be able to share information about cyber security threats more easily under a bill introduced in the US House of Representatives on Tuesday.
The proposed legislation and related bills before Congress respond to widespread and growing concern about incursions into US networks by hackers looking to steal everything from state secrets to credit card numbers to intellectual property.
The bill sponsored by Representatives Mary Bono Mack and Marsha Blackburn, both Republicans, increases penalties for hacking into servers and removes roadblocks that prevent government security experts from discussing threats with their counterparts at internet service providers and other companies.
The House bill introduced on Tuesday is very similar to legislation in the Senate proposed by Senator John McCain earlier this month.
With members of both parties jockeying for position in advance of the November 6 election, it is likely to be tough to pass any major legislation this year. Still, experts are hopeful the two chambers will agree on some sort of cyber security bill because lawmakers on both sides of the aisle believe it is needed.
Many cyber security bills
Representative Jim Langevin called the Bono Mack bill thoughtful, but inadequate. In particular, he criticised its reliance on a voluntary approach to address vulnerabilities in critical infrastructure such as the electric grid.
"That approach has failed us over the last decade," he said in a statement. "We need swift action to compel these companies to invest in our national security before it's too late."
Langevin has co-sponsored legislation that would establish cyber security standards for critical, private networks.
The House is also considering a bill introduced by Representative Mike Rogers, the Republican chairman of the US House of Representatives intelligence committee, and the panel's senior Democrat, Representative C.A. "Dutch" Ruppersberger.
That bill would allow the National Security Agency, for example, to tell internet service providers about different cyber threats the intelligence agency has detected so the ISP can then block traffic to its customers from anything with that signature.
On the Senate side, there is a comprehensive bill supported by Senate Majority Leader Harry Reid that would require upgrades in security for critical national infrastructure to prevent a catastrophic attack on the nation's water supply, electric grid, financial networks and transportation infrastructure.
The legislative efforts follows a spate of high profile hacks that have alarmed experts. Victims have included defense contractors such as Lockheed Martin, web search leader Google, Citigroup and exchange operator Nasdaq.
Politicians have not been immune. In 2008, hackers targeted both President Barack Obama and McCain's presidential campaigns.
The White House is eager to see cyber security legislation, but Howard Schmidt, the White House cyber security policy coordinator, has said the federal government could do more even without legislation. As one example, the Department of Energy could push harder to prompt electric utilities to ward off hacking intrusions.