The White House and the U.S. Chamber of Commerce dug in toopposing positions on cybersecurity legislation yesterday asfederal officials escalate warnings about hacker threats to thenation.

An executive of the Chamber of Commerce, the largest U.S.business lobby, backed a voluntary system to let the government andindustry share cyber threat information during a panel discussionat the National Press Club in Washington.

White House Cybersecurity Coordinator Michael Daniel stoodbehind the goal of President Barack Obama's administration tocreate cybersecurity standards for companies that operate powergrids, chemical plants and other assets considered critical to U.S.national and economic security.

“We want to ensure that those companies and owners of thoseassets are actually bringing their cybersecurity up to a sufficientlevel,” Daniel said.

There are pieces of infrastructure that, if crippled by a cyberattack, could damage the country and the economy, Daniel said.

Senate Republicans in August blocked a cybersecurity bill backedby Obama that would have set voluntary cybersecurity standards forprivately-owned critical systems. The bill also would haveencouraged companies and government to share information on cyberthreats.

Republicans and the Chamber of Commerce opposed the measure,saying standards would be a back door to government regulation ofcompanies and wouldn't keep pace with evolving threats incyberspace.

“Whether you want to call it light touch, voluntary, in itsimplementation we still believe it would be more of a regulatoryapproach,” Ann Beauchesne, the chamber's vice president of nationalsecurity and emergency preparedness, said at the panel discussion.“We just don't see that as the right tack to take.”

The chamber supports a measure focused solely on informationsharing that passed the Republican-controlled House ofRepresentatives in April, Beauchesne said. Minimum standards forcybersecurity should be developed by industry, not government, andshould vary for different sectors, she said.

Obama's administration may issue an executive order toaccomplish some of the goals of the bill it supports, while sayingit can take only limited action on its own and urging lawmakers toact. Senate Majority Leader Harry Reid, a Nevada Democrat, haspledged to bring the Obama-backed measure to the Senate floor againduring a post-election lame-duck session of Congress.

Cyber Threat

The Obama-backed bill's lead sponsors are Senators JoeLieberman, a Connecticut independent, and Susan Collins, a MaineRepublican. Lieberman, who isn't seeking re-election, is chairmanof the Senate Homeland Security and Governmental Affairs Committee.Collins is the panel's top Republican.

U.S. Defense Secretary Leon Panetta in a speech this monthfaulted Congress for failing to act on comprehensive cybersecuritylegislation, saying computer assaults by other countries orextremist groups could be as destructive as the Sept. 11 terroristattacks.

Panetta pointed to recent cyber attacks, including a series ofdistributed denial-of-service assaults on the websites of majorU.S. banks and an attack on the computer network of Saudi ArabianOil Co., known as Saudi Aramco, as “significant escalation” of thethreat.

Referring to news reports that the Saudi Aramco attack wascarried out by a company employee, Joseph Rigby, chief executiveofficer of Pepco Holdings Inc., said internal threats are “veryhigh on our list of awareness and concern.”

“People that have their hands on or have access to theinfrastructure, we're doing background checks, we're doing securitychecks, things like that, but people's personalities change, what'shappening in their lives,” Rigby said. “You have to be very, verydiligent around what your people are doing.”

Daniel, the White House cybersecurity coordinator, and otheradministration officials have been meeting with lawmakers andindustry representatives about a possible executive order.Republican senators including John McCain of Arizona and Kay BaileyHutchison of Texas oppose the White House taking unilateral action,saying the issue should be handled in Congress.

An executive order probably won't be issued before the Novemberpresidential election, Daniel said earlier this week. He declinedto comment on timing beyond that.

“Traditionally in security, societies assign that responsibilityto their government,” Jane Holl Lute, deputy secretary of homelandsecurity, said at the panel discussion. “In cyberspace there havebeen no assignments yet made.”

Bloomberg News

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.