Homeland Security Secretary Janet Napolitano urged lawmakers to quickly pass cybersecurity legislation designed to strengthen both government and private computer defenses from attacks. She testified before the Senate Homeland Security Committee on the Cybersecurity Act of 2012, bipartisan legislation that would give the Homeland Security Department power to identify vulnerabilities and set regulations requiring operators of critical networks to improve security or face penalties. Former Homeland Security Secretary & now head of the Chamber of Commerce National Security Task Force expressed reservations on the legislation and warned against over regulating business.
The bipartisan Cybersecurity Act, introduced this week by Senators Lieberman (I-CT), Rockefeller (D-WV), Feinstein (D-CA) and Collins (R-ME), requires DHS to identify critical infrastructure and forces private companies to protect sensitive networks vulnerable to cyber attacks.
The bill does not contain a "kill switch" that Republican senators objected to. That measure would have given the President emergency powers to seize private online networks.
The bill also requires the State Department to identify cyber threats and reward foreign aid to cooperative governments while issuing sanctions against those governments that do nothing to stop cyber attacks.
In the first panel Sen. Rockefeller and Sen. Feinstein, co-sponsors of the Cybersecurity Act of 2012, expressed sincere concern that critical U.S. systems are in eminent danger from cyber threats. Sen. Rockefeller compared this to the time before 9-11 when various U.S. governmental organizations knew that there was a problem, but didn't connect the dots until it was too late.
Secretary Napolitano testified in the second panel and said that this legislation would improve DHS's ability to address the threats of cybersecurity. She said that the current threat outpaces the authority of the DHS.
During a Q&A with Secretary Napolitano, Sen. John McCain criticized the process for not being open and said that the legislation didn't have a single markup. He also expressed concerns with the cost of the bill.
In the third panel Former Homeland Security Secretary Tom Ridge, who is now with the Chamber of Commerce, said that he thought the legislation may overregulate business. He also praised changes made to the legislation based on concerns stemming from the cyber attack on the Chamber of Commerce by Chinese hackers.
Stewart Baker, partner at Steptoe & johnson, said that he supports the bill because it will make us more secure. He compared the day after a cyber attack to the aftermath of Hurricane Katrina.
James A. Lewis, director and senior fellow, Technology and Public Policy Program, Center for Strategic and International Studies, warned that people are trying to create loopholes and weaken legislation. He warned against setting the threshold to high because it will simply let cyber attackers know who and what they should target.
Scott Charney, corporate vice president of Trustworthy Computing Group, Microsoft Corp, expressed his support of the bill.