The U.S. House of Representatives raised the stakes in a debate with the White House over how best to improve the nation’s cybersecurity, passing a bill President Barack Obama called too weak and threatened to veto.
The Cyber Intelligence Sharing and Protection Act passed the House by 248 to 168 yesterday. The measure, introduced by Representative Mike Rogers, a Michigan Republican who heads the House Intelligence Committee, encourages the government and companies to voluntarily share data on cyber threats and gives businesses legal immunity for such exchanges.
“We can’t stand by and do nothing as U.S. companies are hemorrhaging from the cyber looting coming from nation states like China and Russia,” Rogers said in an e-mailed statement after the vote. “America will be a little safer and our economy better protected from foreign cyber predators with this legislation.”
Lawmakers are debating cybersecurity legislation as fears intensify about the ability of cyber spies to steal U.S. intellectual property and the potential for digital disruption of vital U.S. infrastructure.
Hackers and illicit programmers in China and Russia are aggressively pursuing American technology and industrial secrets, jeopardizing an estimated $398 billion in U.S. research spending, the National Counterintelligence Executive, the agency responsible for countering foreign spying on the U.S. government, said in a November report.
The Obama administration “strongly opposes” the Rogers bill in its current form, according to an April 25 policy statement issued by the Office of Management and Budget.
The administration said the measure doesn’t do enough to protect the nation’s critical systems from cyber attacks and would erode privacy safeguards for consumer information. Civil liberties groups initiated a Web protest against the legislation last week, saying it would let too much personal data flow to the government without limits on its use.
“As we’ve seen repeatedly, once the government gets expansive national security authorities, there’s no going back,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in an e-mailed statement after the House vote. “We encourage the Senate to let this horrible bill fade into obscurity.”
The White House supports a bill from Senator Joseph Lieberman, a Connecticut Independent, that would put the Department of Homeland Security in charge of regulating cybersecurity of the nation’s vital systems such as power grids and transportation networks. Senate Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring the Lieberman bill to the Senate floor without giving a date.
House Speaker John Boehner, an Ohio Republican, brushed aside the Obama administration’s veto threat yesterday, saying “the White House believes the government ought to control the Internet” by letting government alone set security standards.
Obama administration officials “are in a camp all by themselves” by favoring the creation of a “monster here in Washington to control what we are going to see or not see on the Internet,” he told reporters ahead of the vote.
The speaker called the Republican legislation the first of “common-sense steps to allow people to communicate with each other” to “build the walls that are necessary in order to prevent cyberterrorism.”
House Minority Leader Nancy Pelosi said the Republican- backed measure lacked important protections to safeguard critical infrastructure.
The “very dangerous” omission occurred because Republican leaders “did not want the regulation of the utilities that would truly protect us from a cyber attack,” the California Democrat told reporters before yesterday’s vote.
The House approved a series of amendments to the Rogers bill, including ones aimed at narrowing the types of information that can be shared and limiting what government can do with the data. The chamber approved by a voice vote a separate cybersecurity measure yesterday on updating the government’s information-security controls, and is scheduled to vote today on two cybersecurity research-and-development bills.
The U.S. Chamber of Commerce, the nation’s largest business-lobbying organization, and trade groups including the Financial Services Roundtable back information-sharing between the public and private sectors and oppose new regulations on cybersecurity.
Such data-sharing programs have been attempted since the late 1990s during the Clinton administration and failed to provide any noticeable improvement in security, James Lewis, technology program director at the Center for Strategic and International Studies in Washington, said in an interview earlier this month.
The Rogers bill is H.R. 3523. The Lieberman bill is S. 2105.