A senior Republican senator on Thursday insisted there is no partisan dissent over the need for a strong national cybersecurity policy but added that a Democratic-backed cyber bill that is stalled in the Senate is not the answer.
In a blog post in yourhoustonnews.com, U.S. Sen. Kay Bailey Hutchison noted that cybersecurity is a matter of "vital national importance" to both parties.
"Experts have long cited cyber-terrorism as one of the potentially most dangerous threats to national security," Hutchison said while noting the potentially "devastating" consequences of attacks against U.S. power grids, financial institutions and other targets. "The question is not whether we act to prevent such attacks, the question is how we act," she said in the blog.
Hutchison said a White House-backed bill called the Cybersecurity Act, authored by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), takes the wrong approach to addressing cyberthreats.
The bill calls for the creation of a national standard for securing critical cyber assets and would enable better threat-information sharing between private companies and government agencies. The proposed legislation is stalled in Congress over Republican concerns that it would give the U.S. Department of Homeland Security too much control over cybersecurity matters while forcing private companies to adopt government prescribed standards.
Hutchison reiterated some of those concerns in her blog. The bill would provide "weak" legal liability protections for companies that want to cooperate with one another and "pre-determined government mandates would decide what cyber information should be shared by government," she said.
In contrast, the GOP-backed SECURE IT bill , authored by Hutchison, John McCain (R-Ariz.) and five other senators is a better option, she argued. "The bill authorizes essential legal liability and antitrust protections for companies that want to work together to combat cyber threats," and requires government agencies to share relevant information with them.
"The SECURE IT sponsors are concerned that the Lieberman-Collins bill would deter cooperation rather than encourage it. And we worry that it ignores cybersecurity's biggest challenge: constantly and rapidly evolving technological threats," Hutchison said.
The blog post comes two days after Hutchison and the other sponsors of the SECURE IT bill issued a joint statement expressing disappointment over the Senate's failure to pass bipartisan security legislation as the House had done earlier this year with the controversial CISPA bill.
Before Congress adjourned for its August recess, lawmakers from both parties had shared a commitment to work toward a compromise bill that would gain bipartisan support in the Senate, the statement said. But that didn't happen, and a premature vote on the bill was forced in the Senate instead, the statement claimed. "When it returns next month, the Senate should address cybersecurity, but not in the 'take it or leave it' manner the Majority Leader pursued," before the recess.
The statement and Hutchison's blog post are unlikely to do anything to resolve the bipartisan divide in the Senate over cybersecurity legislation. The original Cybersecurity Act proposal has already been heavily revised to accommodate concerns but still remains unacceptable, while SECURE IT so far has failed to gain much traction among Democratic lawmakers.
The White House has already indicated that it is considering the use of an executive order to protect critical networks if Congress fails to pass broadly acceptable cybersecurity legislation in a timely manner. The timing of such an action remains unclear.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about cyberwarfare in Computerworld's Cyberwarfare Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.