Senators launch new push for cybersecurity bill

WASHINGTON Tue Feb 14, 2012 5:07pm EST

WASHINGTON (Reuters) - Leading senators introduced a cybersecurity bill on Tuesday aimed at safeguarding the nation's water and power systems, which experts have warned often only have the most rudimentary protections against hackers.

Senators John Rockefeller and Dianne Feinstein, both Democrats; Susan Collins, a Republican, and Joseph Lieberman, an independent, drafted a comprehensive bill that would require the secretary of homeland security to designate certain infrastructure as critical and compel steps to safeguard against hackers.

"The prospect of mass casualty is what has propelled us to make cybersecurity a top priority for this year, to make it an issue that transcends political parties or ideology," Rockefeller told the Senate on Tuesday morning.

He noted hackers' success in breaking into sensitive government agencies and Fortune 500 companies, and warned that air traffic control, rail switching networks and chemical pipelines could be the next target.

Under the bill, some financial networks, or portions of networks, could be deemed critical if damage to them could result in catastrophic economic damage to the country.

The Department of Homeland Security would have the power to penalize companies that do not put in place appropriate safeguards. However, companies that have good security and are hacked anyway will not be liable for damages.

The legislation would also ease information-sharing between the federal government and the private sector to combat cyber crime and espionage, and would require the government to take steps to secure its own networks.

Last, it would update recruitment of cybersecurity experts into the federal workforce.

Senate Majority Leader Harry Reid last year called for the drafting of a comprehensive cybersecurity bill, and this 207-page bill is the product.

Defense contractors such as Lockheed Martin Corp have been among the high-profile victims of cyberattacks. Others include Google Inc, Citigroup and Nasdaq OMX.

Industry has fought back and succeeded in stopping previous cybersecurity bills, even though experts have warned for years that portions of the U.S. critical infrastructure - particularly water and electrical plants - sometimes have woefully inadequate defenses against hackers.

Industry opposes additional regulations as burdensome and argues it should focus on fighting hackers instead of complying with government rules.

Companies will likely try to weaken the measure in coming weeks and months, said James Lewis, a cybersecurity expert for the Center for Strategic and International Studies.

"The spin is that it's burdensome regulation and will hurt innovation. The counter to that is 'OK, we'll sacrifice national security,'" he said. "It would be really nice to have something (legal) in place but just because we need it doesn't mean we're going to get it."

The House of Representatives is considering legislation that overlaps with the Rockefeller bill on some points.

Republican Representative Mac Thornberry, who oversaw the writing of a report outlining Republican priorities, supports regulation to require better cyber defenses for critical companies.

A key difference would be that the companies' usual regulator, rather than the Department of Homeland Security, would oversee the new regulation.

(Reporting By Diane Bartz; Editing by Steve Orlofsky and Richard Chang)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (1)
Samcomments wrote:
Fantastic. Another big government bill to create another ‘task force’ to oversee yet another ‘problem.’ And imagine that – it has bipartisan support!!

Senators: don’t you think Google, and Lockheed Martin, etc. already are doing their best to avoid getting hacked into?? IT people luuuuv to catch hackers and put everyone on security alert.

Let those of us who are actually in the programming and networking world clue you in: Common practices do not HELP security. They only help hackers. An analogy: If everyone used the exact same set of locks on their house doors, don’t you think it would be easier for robbers to pick locks?

CLUELESS as always. That’s our Congress.

oh, if you need something to do – we do have a deficit right now. Work on that.

Feb 14, 2012 1:15pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.