WASHINGTON: Many members of Congress don’t really understand cyber issues and that’s getting in the way of passing legislation to protect the country, the leader of the House Homeland cybersecurity subcommittee.
The public takes the use of the Internet for granted and that complacency extends to some members of Congress said Dan Lungren, chairman of the House Homeland cybersecurity subcommittee. “It is not just a domain of warfare. It is a domain of everyday living. Everything we do depends on that today,” he said at a recent defense industry conference.
Because of the inordinate trust the public puts in computers and mobile devices, it is difficult to convince people about the threat, Lungren said. While there is some concern about issues like identity theft, the public and members of Congress have pushed back against measures such as providing additional personal information to government agencies. Much of this mistrust comes from the view that cybersecurity is effectively managed by intelligence organizations like the CIA and the National Security Agency.
Lungren knows about pushback. Earlier this year, his bill, the PRECISE Act (H.R. 3674) was gutted during a contentious markup session in the House Homeland Security Committee. The bill called for the Department of Homeland Security to work with the owners and operators of critical infrastructure to help mitigate risks. The bill would have set up a public/private advisory council headed by DHS. This is important for public trust he said, because it would be a civilian, not a military or intelligence agency, protecting the national infrastructure.
The House bill became part of a larger struggle in the Senate, where similar cybersecurity legislation died over issues of privacy and control. In the face of the Hill’s failure to pass a bill, Lungren is pinning his hopes on an upcoming executive order from the White House. He said the executive order resembles his legislation and a failed bill by Sen. Joseph Lieberman in that it will set up a voluntary program where companies operating critical infrastructure can meet a set of best practices. Lieberman’s bill was defeated in August by Republican opposition backed by the U.S Chamber of Commerce, which felt that the bill would be overly intrusive and require firms to comply with potentially costly federal standards.
Lungren said legislation still working its way through Congress does not give the DHS enough authority over protecting national infrastructure. While many government organizations have worked out an informal information sharing system for reporting and responding to cyber attacks, this can change at the whim of a new administration. What is needed is a legal framework to formalize the process, he said.
As part of the effort to plug the security holes, Sen. Jay Rockefeller wrote a letter to the heads of Fortune 500 companies asking for their views on cybersecurity. He asks if the firms have developed best practices for cyber defense and how they are using them. Once lawmakers get feedback from the business sector, the hope is for new legislation to be crafted sometime next year.