Bigger US role against companies' cyberthreats?

February 6, 2012 By LOLITA C. BALDOR , Associated Press
In this Sept. 21, 2011, file photo Senate Homeland Security and Governmental Affairs Chairman Sen. Joseph Lieberman, I-Conn. presides over the committee's hearing on Capitol Hill in Washington. A developing Senate plan that would bolster the government’s ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth. “But where the market has failed, and critical systems are insecure, the government has a responsibility to step in,” said Leiberman. (AP Photo Manuel Balce Ceneta, File)

(AP) -- A developing Senate plan that would bolster the government's ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.

Legislation set to come out in the days ahead is intended to ensure that computer systems running power plants and other essential parts of the country's infrastructure are protected from hackers, terrorists or other criminals. The , with input from businesses, would select which companies to regulate; the agency would have the power to require better computer security, according to officials who described the bill. They spoke on condition of anonymity because lawmakers have not finalized all the details.

Those are the most contentious parts of legislation designed to boost cybersecurity against the constant attacks that U.S. government, corporate and personal computer networks and accounts. Authorities are increasingly worried that cybercriminals are trying to take over systems that control the inner workings of water, electrical, nuclear or other .

That was the case with the Stuxnet computer worm, which targeted Iran's in 2010, infecting laptops at the Bushehr .

As much as 85 percent of America's critical infrastructure is owned and operated by private companies

The emerging proposal isn't sitting well with those who believe it gives Homeland Security too much power and those who think it's too watered down to achieve real security improvements.

One issue under debate is how the bill narrowly limits the industries that would be subject to regulation.

Summaries of the bill refer to companies with systems "whose disruption could result in the interruption of life-sustaining services, catastrophic or severe degradation of national security capabilities."

Critics suggest that such limits may make it too difficult for the government to regulate those who need it.

There are sharp disagreements over whether Homeland Security is the right department to enforce the rules and whether it can handle the new responsibilities. U.S. officials familiar with the debate said the department would move gradually, taking on higher priority industries first.

"The debate taking place in Congress is not whether the government should protect the American people from catastrophic harms caused by cyberattacks on , but which entity can do that most effectively," said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting.

Under the legislation, Homeland Security would not regulate industries that are under the authority of an agency, such as the Nuclear Regulatory Commission, with jurisdiction already over cyber issues.

"Where the market has worked, and systems are appropriately secure, we don't interfere," said Sen. Joe Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee. "But where the market has failed, and critical systems are insecure, the government has a responsibility to step in."

The bill, written largely by the Senate Commerce, Science and Transportation Committee and the Senate homeland panel, is also notable for what it does not include: a provision that would give the president authority to shut down Internet traffic to compromised Web sites during a national emergency. This `"kill switch" idea was discussed in early drafts, but drew outrage from corporate leaders, privacy advocates and Internet purists who believe cyberspace should remain an untouched digital universe.

While the Senate is pulling together one major piece of cybersecurity legislation, the House has several bills that deal with various aspects of the issue.

A bill from a House Homeland Security subcommittee doesn't go as far as the Senate's in setting the government's role. Still, it would require DHS to develop cybersecurity standards and work with industry to meet them.

"We know voluntary guidelines simply have not worked," said Rep. Jim Langevin, D-R.I. "For the industries upon which we most rely, government has a role to work with the private sector on setting security guidelines and ensuring they are followed."

Stewart Baker, a former assistant secretary at , said the government must get involved to force companies to take cybersecurity more seriously.

Concerns about federal involvement, he said, belie the fact that computer breaches over the past several years make it clear that hackers and other governments, such as China and Russia, are already inside many industry networks.

"They already have governments in their business, just not the U.S.," said Baker. "For them to say they don't want this suggests they don't really understand how bad this problem is."

Industry groups have lobbied against the Senate bill's regulatory powers and say new mandates will drive up costs without increasing security.

They say businesses are trying to secure their networks and need legal protections built into the law so they can share information with authorities without risking antitrust or privacy violations.

In a letter to lawmakers this past week, the U.S. Chamber of Commerce said any additional regulations would be counterproductive and force businesses to shift their focus from security to compliance.

Liesyl Franz, a vice president at TechAmerica, which represents about 1,200 companies, said businesses would prefer to work with the government to enhance security rather than face more regulations. She said companies coping with the potential security risks, market consequences, and damage to corporate reputations, are defending against cyberthreats.

Senior national security officials were on Capitol Hill last week to talk to senators about the growing cybersecurity threat. After the meeting, Sen. Susan Collins, R-Maine, said she's always had a sense of urgency about it, adding, "I hope the briefing gives that same sense of urgency to members to put aside turf battles."

She said senators are reviewing concerns raised by the Chamber about the bill.

Explore further: White House set to unveil cyber plan


Related Stories

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

White House unveils cybersecurity plan

May 12, 2011

Companies that run critical U.S. industries such as power plants would get government incentives to make sure their systems are secure from computer-based attacks, the White House said Thursday, detailing its broad proposal ...

Stuxnet virus could target many industries

November 17, 2010

(AP) -- A malicious computer attack that appears to target Iran's nuclear plants can be modified to wreak havoc on industrial control systems around the world, and represents the most dire cyberthreat known to industry, ...

Recommended for you

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.


Adjust slider to filter visible comments by rank

Display comments: newest first

4 / 5 (1) Feb 06, 2012
Cybersecurity issues only exist because for decades American corporations have been permitted to create a communications infrastructure that has actively promoted standards and protocols that have violated every rational step to promote a secure communication infrastructure.

Consider the vision of Microsoft to cause PC's to run unsandboxed applications distributed from unknown sources on the net not just when a user clicks on a desktop icon, but when a user simply rolls his/her mouse over a desktop or browser hotspot.

Also consider the massive Java Script applications that are loaded with every web page viewed. All until recently run in an unsandboxed state, and even recently in sandboxes that are not secure.

We are now 20 years since the advent of the browser as the primary mechanism of interacting with web based content, and web based infections are still commonplace.

All problems created by the computing industry, adopted by the retail industry and now so deeply ingrained tofix
1 / 5 (2) Feb 06, 2012
Growing up I was told homelands were something that needed carpet bombing and where nazis planing world domination come withing 600 meters of my doorstep before freezing to death.
1 / 5 (1) Feb 06, 2012
The insipid creep of socialism continues its march, and Lieberman whistles happily at the lead. THX1138 is his dog.
5 / 5 (2) Feb 06, 2012
I'm all for the free market but when as the global financial crisis has shown, when the free market gets in trouble, the mantra 'too big too fail' gets repeated frantically by the same entities that spurned governmental regulation. In my opinion, we must consider the branches of politics and enterprise guilty until proven innocent by virtue of prudent actions, not words.
1 / 5 (1) Feb 06, 2012
Joe Lieberman --as presently constituted-- poses the biggest threat known to America's security. I say send HIM to hotel gitmo.

Oh, and "ngmatic 10" it's apparent that you don't understand
--through either context or definition-- the terms "socialist" or "socialism". Go back to school and learn the particulars of those things about which you babble.
Joe Lieberman is the Enemy for reasons almost exactly opposite those presented in your trite little metaphor.

There is already a surplus of ignorant, braindead commentary spouted here, without you adding to it.

1 / 5 (1) Feb 07, 2012
@Caliban -
I know exactly what socialism is and trust me, since before leibermans insipid attempt at the white house, i have been following his career and he really does want governmental control over what is allowed to be sold, above and beyond reason. But hey, thanks for your ad hominem attack, though it really only showed how much you seem to be what you preached.

""so·cial·ism noun \s-sh-li-zm\

Definition of SOCIALISM

: any of various economic and political theories advocating collective or governmental ownership and administration of the means of production and distribution of goods""

-last paragraph added for the short bus crew only.
5 / 5 (1) Feb 07, 2012
I like the picture of Lieberman they used. "bwaahhh I'm an old man!"
5 / 5 (1) Feb 07, 2012

If you know what Socialism is, why did you have to c&p the dictionary to post the definition?

Socialism advocates ownership by the community, for the benefit of the community, not by and for the government. Centralized Govt control is Communism

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.