Experts urge stronger online regulation bill

Feb 16, 2012 By LOLITA C. BALDOR, Associated Press

Cybersecurity experts urged senators Thursday to close loopholes in legislation to give the government more power to force critical industries to make their computer networks more secure.

Experts told the Senate Homeland Security and Governmental Affairs Committee that the bill could allow many companies to avoid regulation entirely or drag out the process for up to eight years before they would actually have to improve their computer security.

The legislation would limit the number of industries subject to regulation to those in which a cyberattack could cause "an extraordinary number of fatalities" or a "severe degradation" of national security.

"So an individual infrastructure owner, such as a rural electricity provider, has no responsibility under this title if it can show that an undefended cyberattack would only cause an ordinary number of fatalities?" said Stewart Baker, a former assistant secretary at the Department of Homeland Security who is now with the law firm of Steptoe & Johnson. "How many dead Americans is that, exactly?"

Baker and James Lewis, a cybersecurity expert and senior fellow at the Center for Strategic and International Studies, said the bill takes important steps toward improving computer security.

But they said the measure has been weakened by corporate and other interests arguing against any attempt at regulation.

By using "terms like mass casualties, mass evacuations, or effects similar to weapons of mass destruction, we are essentially writing target lists for our attackers," said Lewis. "They will attack what we choose not to defend."

The legislation is intended to ensure that computer systems running power plants and other essential parts of the country's infrastructure are protected from hackers, terrorists or other criminals.

The Department of Homeland Security, with input from businesses, would select which companies to regulate, and the agency would have the power to require better computer security.

U.S. authorities are increasingly alarmed about the constant attacks that target U.S. government, corporate and personal computer networks and accounts. And they worry that cybercriminals will try to take over systems that control the inner workings of water, electrical, nuclear or other power plants.

The most glaring example of that was the Stuxnet computer worm, which targeted Iran's nuclear program in 2010, infecting laptops at that nation's Bushehr nuclear power plant.

Business groups argue that more regulation is not the answer and that any new mandates will drive up costs without really increasing security. And Sen. John McCain, R-Ariz., voiced his opposition to the bill Thursday, saying that several Republicans will introduce their own legislation that will call for more information sharing and cooperation with the private sector, rather than regulations.

He said the regulations in the committee's bill "would stymie job-creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates."

Sen. Joe Lieberman, I-Conn. and chairman of the Homeland Security panel, said the bill will better arm the country against enemies and terrorists "who would use the Internet against us as surely as they turned airliners into guided missiles."

And Sen. Susan Collins of Maine, the senior Republican on the committee, said the attacks threaten U.S. economic stability. One study, she said, estimated that global cybercrime costs as much as $388 billion annually.

Lieberman and Collins said the committee worked hard to involve business groups in the development of the bill, and made changes to address their concerns.

Collins added that members of Congress should not be in the position where there is a destructive cyberattack and they have to look back and say "if only" they had taken action when they could.

During a House Appropriations subcommittee hearing Thursday, Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said the legislation is needed to help combat a rising threat to the U.S. homeland.

"We can't place enough emphasis on it," he said, adding that there is nowhere in the U.S. that is adequately protected against cyberattacks by fringe groups and hackers.

User comments : 1


brant
Feb 17, 2012
Fire all of our politicians!!!!