WASHINGTON (Reuters) - Compromise legislation introduced in the U.S. Senate on Thursday would bolster cyber threat assessment and permit the government to share information with American business under certain conditions, a step aimed at better protecting them from attacks.
The bill, which is supported by President Barack Obama, is a bipartisan effort to unify approaches and address privacy concerns about information-sharing between the government and business interests linked to infrastructure networks.
“The cyber threat to our nation is one of the most serious economic and national security challenges we face,” Obama said in an opinion piece in the Wall Street Journal to be published on Friday, noting that no one has managed to damage or disrupt infrastructure networks so far.
“But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day,” Obama said.
“It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries,” he said.
Susan Collins, the top Republican on the Senate Homeland Security Committee and a co-sponsor of the bill, said experts have “repeatedly warned” the computer networks that run the electric grid, water systems, financial networks, and transportation systems are vulnerable to cyber attack.
“The data and the headlines make it clear that we have already waited too long to address this escalating threat. In an effort to move this overdue legislation forward, the measure released today represents the Senate’s best chance to pass cyber legislation this year,” Collins said.
A Homeland Security Department report earlier this month said it received 198 reports of suspected cyber incidents, or security threats, in 2011, more than four times the 2010 level.
The report cited cases in which firms were infected with malicious software designed for espionage and fraud. More than 40 percent of the incidents were from the water sector.
Moreover, Obama said a water plant in Texas last year disconnected its controls from the Internet when a hacker posted pictures of the facility’s internal controls. More recently, Obama said, hackers penetrated networks of companies operating natural gas pipelines.
Congress has been wrangling over the legislation. Privacy advocates have criticized past proposals, including a House-passed bill in April, as overly intrusive.
The Senate plan seeks to address that concern.
It would create a public-private partnership to set cyber security standards for critical infrastructure and offer some immunity from liability to those who meet them.
It would permit information-sharing between the private sector and the federal government on threats, incidents, and fixes, while intending to preserve civil liberties and the privacy of users.
Industry groups would be permitted to develop and recommend to a multi-agency Cybersecurity Council voluntary approaches to mitigate risks.
Current regulators would continue to oversee their industry sectors.
Reporting By John Crawley; Editing by Eric Walsh