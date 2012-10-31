* Information sharing with private sector a key goal
* Recent cyber attacks add to sense of urgency
By Andrea Shalal-Esa
WASHINGTON, Oct 31 Senate Majority Leader Harry
Reid hopes to reintroduce cyber security legislation opposed by
business groups once lawmakers return after Tuesday's election,
a Senate aide said, adding that a White House executive order
might pave the way for a compromise on the bill.
Senator Joe Lieberman, one of the authors of the bill, would
consider dropping a provision aimed at shoring up protection of
critical infrastructure that had raised concerns among Senate
Republicans, if that issue could be addressed in an executive
order, Jeffrey Ratner, senior adviser for cybersecurity on the
Senate Homeland Security Committee, said Wednesday.
Lieberman, who heads the committee, "wants legislation, but
he's willing to focus on the rest of this bill, because there
are important things there that he believes need to be
implemented," Ratner said after a cyber security event hosted by
the Washington Post.
"That is the easiest mechanism but we're open to other
things," Ratner said, noting that Lieberman viewed it as
critical to move ahead on a measure that would increase
information-sharing between intelligence agencies and private
companies.
He said final decisions on how to proceed would be made
depending on the outcome of the election, but the cyber security
bill was one of the first items Reid wanted to tackle when
lawmakers came back to Washington.
The Senate bill floundered in August after just 52 of the 60
votes needed to advance the bill to a final vote were secured.
Business groups opposed what they viewed as
over-regulation, while privacy groups worried that the measure
would open the door to Internet eavesdropping.
But congressional aides and cyber experts say the bill could
get some fresh momentum given a spate of cyber attacks in recent
weeks targeted at banks and financial institutions, as well a
virus that disabled more than 30,000 computers at Saudi Arabia's
state oil company, ARAMCO.
Defense Secretary Leon Panetta gave a major policy speech
earlier this month about cyber threats, and the White House is
expected to issue an executive order to increase oversight of
security measures in the private sector.
CONCERN ON VULNERABILITIES
Homeland Security Secretary Janet Napolitano on Wednesday
again urged Congress to pass legislation that would help expand
information-sharing between the government and private industry,
noting that U.S. financial institutions and stock exchanges had
already been targeted.
"We know there are vulnerabilities. We are working with
them on that," Napolitano told executives at the Washington Post
event. She said her agency was trying to adopt a more proactive
approach to anticipate the next sector that could be targeted,
noting that the U.S. energy sector was a particular concern.
James Lewis, cyber expert at the Center for Strategic and
International Studies, said one possibility might be to
conference the Senate bill and a separate, bipartisan measure
introduced in the House of Representatives by Chairman of the
House Intelligence Committee Mike Rogers and the top Democrat on
that panel, C.A. Ruppersberger.
The idea, he said, would be to come up with some "minimally
acceptable, passable thing."
Dmitri Alperovitch, chief technology officer of CrowdStrike,
said passing legislation was only part of the solution and
congressional passage of a watered-down bill might make it tough
to get other needed changes enacted in coming years.
He said private companies and the government already shared
information, but the bigger issue was that the government had
been unwilling to take action against cyber attackers, even in
cases involving major penetrations of private networks.
"We're having the wrong debate," he said, noting that
private companies were also nervous about sharing information
with the government given leaks in previous cases. "What's the
benefit of information-sharing if you're not going to act on the
information?"