(For other news from the Reuters Cybersecurity Summit, click on
(Adds comments from Johnson, Peter Swire)
By Alina Selyukh
WASHINGTON May 13 Congress is likely to agree
on cybersecurity legislation this summer, U.S. Homeland Security
Secretary Jeh Johnson said on Tuesday, citing growing consensus
among lawmakers on the need to help industry share data with
government about attacks on computer networks.
Lawmakers have been considering legislation to clarify how
private companies should be required to disclose security
breaches and cyber threats, but spats over liability and privacy
protections have repeatedly thwarted comprehensive cybersecurity
"My sense is that there's an effort to try to get something
done this summer," Johnson told the Reuters Cybersecurity
Summit, adding that he has discussed the matter with members of
both the House of Representatives and the Senate.
"I've seen a fair amount of activity coming from both the
House and the Senate and a real bipartisan desire to get
something done," he said.
The legislation could include some targeted,
transaction-specific form of limitations on civil liability to
protect companies that share information about cyber breaches,
Some observers remained skeptical that the divided Congress
could agree on any meaty legislation giving government access to
more data, especially in the wake of revelations about the scope
of U.S. government surveillance programs by former National
Security Agency contractor Edward Snowden.
"Cybersecurity was tough to pass before Snowden. It's much
tougher now," Georgia Tech Professor Peter Swire told the
"I don't believe Congress is going to vote on a massive
increase of information sharing at the same time as it is voting
to end (NSA's) bulk collection," said Swire, a member of
President Barack Obama's independent panel that reviewed U.S.
government spying practices in the wake of Snowden's
But Johnson, who replaced Janet Napolitano as homeland
security secretary in December, said tightening cybersecurity
standards was "a good government, good business" practice that
should not be a "political hot potato," even for a divided
"My sense is that Congress realizes this is an area where we
can legislate and we ought to try," he told the summit.
The issue, he added, does not carry the religious or moral
component of overturning the "don't ask, don't tell" policy that
for 17 years applied to gays and lesbians serving in the
military. Johnson helped to repeal that policy in 2011 while he
was the Defense Department's general counsel.
The House last year for the second time passed a bill
designed to help companies and the government share information
on cyber threats, but it fizzled in the Senate. It did not
address industry standards and the Obama administration had
threatened to veto it over privacy concerns as many Democrats
sought a broader bill.
Efforts to pass cybersecurity legislation got second wind in
Congress last month as leaders of the Senate Intelligence
Committee drafted their own bill, now circulating among key
stakeholders in hopes of avoiding disagreements that have
thwarted passage in the past.
The draft, from Senators Dianne Feinstein, a California
Democrat, and Saxby Chambliss, a Georgia Republican, would offer
liability protections and consider the possibility of data being
shared not only with a civilian government agency but also
military or intelligence agencies.
Privacy advocates have opposed giving companies liability
protections because of concerns about abuses of consumer data.
Besides the limited liability, Johnson said key components
of any legislation would be updating the Federal Information
Security Management Act; clarity on the authority that DHS has
over government web operations; and clarity on what commercial
firms should share with the government.
He did not say if the Feinstein-Chambliss bill met all of
(Reporting by Doina Chiacu, Andrea Shalal, Ros Krasny and Alina
Selyukh in Washington; Editing by Doina Chiacu and Jim Loney)