A divided Congress confronts a rising cyberthreat

By Richard Lardner

Associated Press

Published: Monday, April 23 2012 12:00 a.m. MDT

House Republicans last week scaled back a separate piece of legislation that would have given the Department of Homeland Security and other federal agencies responsibility for ensuring that critical industries met security performance standards. But those requirements were dropped from the bill during a meeting of the House Homeland Security Committee.

Rep. Jim Langevin, co-chairman of the Congressional Cybersecurity Caucus, said the bill was "gutted" because the House Republican leadership sided with business interests opposed to regulations. "We cannot depend on the good intentions of the owners and operators of infrastructure to secure our networks," said Langevin, D-R.I.

The GOP-led House appears to be heading for a showdown with the Democratic-run Senate over an approach on cybersecurity.

A bill sponsored by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, would give Homeland Security the authority to establish set security standards. Their bill is backed by the Obama administration but it remains stalled in the Senate.

The legislation faces stiff opposition from senior Senate Republicans.

Arizona's John McCain, the top Republican on the Senate Armed Services Committee, said during a hearing last month that the Homeland Security Department is "probably the most inefficient bureaucracy that I have ever encountered" and is ill-equipped to determine how best to secure the nation's essential infrastructure. McCain has introduced a competing bill.

There is little disagreement over damage from cyberattacks.

China and Russia are the most proficient at cyber-espionage, according to U.S. officials who last year accused the two countries of being "aggressive and capable collectors of sensitive U.S. economic information and technologies."

Rear Adm. Samuel Cox, Cyber Command's director of intelligence, said U.S. adversaries are developing cyberweapons at a rapid pace. Unlike the traditional tools of war, there is no technological ceiling for cyberweapons that can cause computers to crash or become hijacked remotely and lead to serious economic damage.

"There is no end in sight," Cox said. "It's not like, 'Well, they're going to reach a limit as to how bad these things could be.'"

If the House intelligence committee's bill becomes law, companies could get "cyberthreat" information and intelligence from the government that would allow them to identify hackers by their electronic signatures and Internet addresses. With that data, which is collected by the NSA, businesses could block attacks or stop them before they do serious damage. Companies would be encouraged to give the government information about attacks but there is no requirement to do so.

The bill would exempt companies that act "in good faith" from liabilities that might come from protecting their own networks or sharing information with the government.

But one expert on the computer systems that monitor and control power grids, oil refineries and chemical plants said critical industries won't provide federal agencies with much because they don't trust the government. Joe Weiss, a nuclear engineer and managing partner of the consulting firm Applied Control Solutions, said another catch is that few companies do the forensic work necessary to understand why a failure occurred and whether it was an attack or simply a software malfunction.

"What information are you going to share," Weiss said, "when you don't even know you've had a problem?"


Associated Press writer Alicia Caldwell contributed to this report.


On the Net:

House intelligence committee: http://intelligence.house.gov/

National Security Agency: http://www.nsa.gov/

Try out the new DeseretNews.com design!
try beta learn more
Get The Deseret News Everywhere