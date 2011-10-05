* Report skeptical of Senate's comprehensive approach
* Regulation for critical infrastructure may be needed
By Laura MacInnis and Diane Bartz
WASHINGTON, Oct 5 A Republican task force in
the U.S. House of Representatives said Congress should give
companies incentives to boost their cyber defenses, but that
tougher regulation may be warranted to protect critical
facilities like power and water plants.
Recommendations in the report, which was released on
Wednesday, can "reasonably be acted upon during this Congress,"
which ends in January 2013, said the task force of 12
Republicans headed by Representative Mac Thornberry.
Senate Democratic Leader Harry Reid's office is overseeing
the drafting of a comprehensive cybersecurity bill aimed at
combating breaches and theft from company and government
computer networks. But progress has been slow.
The Thornberry report appeared to reject Reid's
comprehensive approach, arguing for a more piecemeal strategy
to avoid unintended consequences.
"We think that it is very important that you get the
details right," Thornberry told Reuters.
The report also appeared to be skeptical of government
regulation to strengthen cyber defenses with the exception of
critical facilities like nuclear power, electricity, chemical
and water treatment plants.
"Congress should consider carefully targeted directives for
limited regulation of particular critical infrastructures," the
Thornberry report said.
Lawmakers have considered several cybersecurity bills in
recent years, but failed to pass any despite a growing sense of
urgency following hacking attacks on Google Inc (GOOG.O);
Lockheed Martin Corp (LMT.N), the Pentagon's No. 1 supplier;
Citigroup (C.N); the International Monetary Fund and others.
Among the many obstacles to cyber legislation are
overlapping jurisdictions in Congress and disagreement over how
much a role government should play in regulating and protecting
private networks.
Congress, meanwhile, has spent much of the recent months in
bitter battles over the budget and national debt.
Paul Smocer of the Financial Services Roundtable, which
represents banking, securities, investment and insurance firms,
said a cyber bill "probably has a better chance now than it's
ever had" in spite of Washington's rancor over debt and taxes.
"Obviously Congress is dealing with a lot of key issues.
But we are seeing some momentum behind the introduction of
legislation and in its consideration, more so than we have seen
in quite a while," he said.
Cameron Kerry, the Commerce Department's general counsel,
said on Tuesday there was "a good chance" that some significant
cybersecurity legislation could win approval by March.
"This is a difficult political environment to get things
done but you've seen that there are times that you can get
bipartisan agreement on legislation," he said.
COSTING BUSINESS
The Ponemon Institute said in an August report that cyber
attacks cost U.S. and multinational organizations $1.5 million
to $36.5 million per year for each of the 50 companies
surveyed.
The National Association of Manufacturers, which represents
11,000 companies, said Congress should avoid "imposing a
prescriptive regulatory framework" and instead put forward
incentives for firms to get fully up-to-speed on cyber
security.
But Howard Schmidt, the top White House cyber official,
said putting into law "established good business processes" was
needed to ensure that lights stay on, water is drinkable and
phones work if tech-savvy criminals target the computer
networks that make public utilities vulnerable to attack.
The House report also urged legislation to improve
information sharing between the government, Internet service
providers, or ISPs, ISP customers and others in a position to
know about malicious traffic on networks.
The administration is beginning a similar effort by
creating guidelines for ISPs to notify customers whose
computers have been wrangled into a botnet, essentially a
network of computers disseminating malicious software
unbeknownst to their owners.
Thornberry liked the idea. "I think that's a wonderful
development," he said. "To what extent the government should be
involved, that's not quite clear."
(Editing by Eric Beech)