WASHINGTON (Reuters) - Senate Majority Leader Harry Reid hopes to reintroduce cyber security legislation opposed by business groups once lawmakers return after Tuesday’s election, a Senate aide said, adding that a White House executive order might pave the way for a compromise on the bill.
Senator Joe Lieberman, one of the authors of the bill, would consider dropping a provision aimed at shoring up protection of critical infrastructure that had raised concerns among Senate Republicans, if that issue could be addressed in an executive order, Jeffrey Ratner, senior adviser for cybersecurity on the Senate Homeland Security Committee, said Wednesday.
Lieberman, who heads the committee, “wants legislation, but he’s willing to focus on the rest of this bill, because there are important things there that he believes need to be implemented,” Ratner said after a cyber security event hosted by the Washington Post.
“That is the easiest mechanism but we’re open to other things,” Ratner said, noting that Lieberman viewed it as critical to move ahead on a measure that would increase information-sharing between intelligence agencies and private companies.
He said final decisions on how to proceed would be made depending on the outcome of the election, but the cyber security bill was one of the first items Reid wanted to tackle when lawmakers came back to Washington.
The Senate bill floundered in August after just 52 of the 60 votes needed to advance the bill to a final vote were secured. Business groups opposed what they viewed as over-regulation, while privacy groups worried that the measure would open the door to Internet eavesdropping.
But congressional aides and cyber experts say the bill could get some fresh momentum given a spate of cyber attacks in recent weeks targeted at banks and financial institutions, as well a virus that disabled more than 30,000 computers at Saudi Arabia’s state oil company, ARAMCO.
Defense Secretary Leon Panetta gave a major policy speech earlier this month about cyber threats, and the White House is expected to issue an executive order to increase oversight of security measures in the private sector.
Homeland Security Secretary Janet Napolitano on Wednesday again urged Congress to pass legislation that would help expand information-sharing between the government and private industry, noting that U.S. financial institutions and stock exchanges had already been targeted.
“We know there are … vulnerabilities. We are working with them on that,” Napolitano told executives at the Washington Post event. She said her agency was trying to adopt a more proactive approach to anticipate the next sector that could be targeted, noting that the U.S. energy sector was a particular concern.
James Lewis, cyber expert at the Center for Strategic and International Studies, said one possibility might be to conference the Senate bill and a separate, bipartisan measure introduced in the House of Representatives by Chairman of the House Intelligence Committee Mike Rogers and the top Democrat on that panel, C.A. Ruppersberger.
The idea, he said, would be to come up with some “minimally acceptable, passable thing.”
Dmitri Alperovitch, chief technology officer of CrowdStrike, said passing legislation was only part of the solution and congressional passage of a watered-down bill might make it tough to get other needed changes enacted in coming years.
He said private companies and the government already shared information, but the bigger issue was that the government had been unwilling to take action against cyber attackers, even in cases involving major penetrations of private networks.
“We’re having the wrong debate,” he said, noting that private companies were also nervous about sharing information with the government given leaks in previous cases. “What’s the benefit of information-sharing if you’re not going to act on the information?”
Editing by Cynthia Osterman