From: The Hill/Hillicon Valley Technology Blog
By Jennifer Martinez
Sen. Joe Lieberman (I-Conn.) and the co-sponsors of his Cybersecurity Act hit back against the U.S. Chamber of Commerce for its opposition to their bill, writing in a Friday letter that they are “deeply disappointed” with the business lobby’s “mischaracterizations” about the latest version of the measure.
In a letter addressed to the Chamber’s CEO, Thomas Donohue, the senators said they were “baffled” that the business lobby opposes their bill’s “voluntary, incentives-based approach” to protecting the nation’s critical infrastructure. The Chamber had advocated for such an approach in a whitepaper published earlier this year by the business lobby and other industry groups, the senators argued.
“Over the course of the last three years, as we have worked toward a compromise on cybersecurity legislation, the threat of a cyberattack against our country has grown even more serious,” wrote Lieberman and Sens. Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.) and Dianne Feinstein (D-Calif.). “Given the cyberattacks that have affected the Chamber’s own control over the information of its members, we would have hoped that you would have an appreciation for the threat to the national and economic security of our nation.” The co-sponsors sent the letter after Lieberman, Feinstein and Sen. Chris Coons (D-Del.) met with representatives with the business lobby on Friday. The Senate is set to take up the Cybersecurity Act this week after months of political wrangling over the measure.
The senators argued that the Chamber mischaracterized the information sharing section of the bill in a letter it sent to the Senate last week, which urged members to vote against moving the bill forward for debate. In the letter, the Chamber said the latest version of Lieberman’s cybersecurity bill would prevent military agencies like the National Security Agency (NSA) and Department of Defense from receiving cyberthreat information directly from private-sector companies operating critical infrastructure.
Responding to that claim, Lieberman and his bill co-sponsors wrote that a provision in their revised bill “makes clear that such existing and future information sharing can continue if members of the Chamber want to continue to send information directly to the NSA.”
Discussion about the information sharing section of the bill was a top subject at the Friday meeting with the Chamber representatives, senators and staff.
“There’s been a fair amount of public comment by the Chamber about concerns about information sharing, so we literally went through that section page by page to try and better understand their concerns and hopefully they’ll be resolved and addressed,” Coons said after exiting the meeting last week.
“The remaining issue is you’ve got industry groups from lots of different sectors who are sort of struggling or working hard to catch up to what the current language really is in terms of the balance between this [bill] is voluntary, not mandatory … how exactly are the standards set and what’s the liability protection offered?” Coons said. “We’re down to granular details on that.”
The Chamber backs a rival cybersecurity measure authored by Sen. John McCain (R-Ariz.), called the Secure It Act. Unlike Lieberman’s bill, the Secure It Act does not include measures that would incentivize critical infrastructure operators to meet government-developed cybersecurity standards. Instead, it focuses primarily on improving information sharing about cyberthreats between the government and industry.
The business lobby didn’t stay quiet after receiving the letter from the Cybersecurity Act’s co-sponsors.
Matt Eggers, the Chamber’s senior director of national security and emergency preparedness, took another swipe at the cybersecurity bill’s co-sponsors in a blog post published on Monday, arguing that “the criticisms of our positions are little more than a distraction from central issues not addressed by S. 3414.” Eggers argued that information-sharing legislation–such as Sen. John McCain (R-Ariz.)’s competing Secure IT Act and the House’s Cyber Intelligence Sharing and Protection Act–would help businesses combat cyberthreats because it “incentivizes businesses to disclose cyber threat information that would benefit their peers and the government.”
He added that if “Congress wants to encourage businesses to enhance their cybersecurity for the public good, which is a worthy goal, then it should offer businesses some legitimate carrots—and not use incentives as a thinly veiled way to regulate the business community.”
The Obama administration and co-sponsors of Lieberman’s bill argue that information sharing measures aren’t enough to address security gaps in the computer systems of critical infrastructure, noting that current and former defense officials have called for critical infrastructure operators to follow some sort of baseline cybersecurity standards. The Chamber has argued that these critical infrastructure provisions would be voluntary in theory, but ultimately tack additional regulations onto industry.
Leave a Reply