Republican congressmen Wednesday produced a road map for new laws to protect cyberspace from hackers, criminals and foreign enemies, saying voluntary information-sharing arrangements and incentive-based policies are better than new regulations.
The House Cyber Security Task Force warned that the U.S. faces a variety of cyberspace threats “from vandalism and petty crime to, potentially, cyberwarfare and cyberterrorism, but we may not be able to tell which it is at the moment of attack.”
Although the issue “not [being] at the top of the public’s expressed priorities,” the task force advocates new laws to help secure the nation’s computer networks from attacks.
The task force recommends a piecemeal approach, saying that each of the nine committees with cybersecurity jurisdiction should produce their own bills, rather than aiming for a single comprehensive law, as the Senate has been trying to do.
“Starting with incentives, information sharing and updating some key laws can lead to real progress, rather than more gridlock, like we have seen with larger proposals,” said Rep. Mac Thornberry, Texas Republican and task force chairman.
Successive administrations and congresses have wrestled with the thorny issue of cybersecurity, which is at the same time a national security threat, a law enforcement challenge, a technological problem and an economic policy issue.
Although an Internet-based attack could be part of a military offensive, for instance, the infrastructure that would carry such an attack is mostly owned by private companies - not all of them American - on which huge sections of the global economy might rely for their profitability.
Mainly because the issue implicates the authorities and jurisdictions of so many different federal departments and agencies - not to mention congressional committees - successful legislative action has proved elusive.
“The Senate has been attempting for almost two years to cobble together a comprehensive cyberbill behind closed doors,” said Larry Clinton of the Internet Security Alliance, a trade association that represents firms with an interest in cybersecurity and advocates an incentive-based model for policy.
“We’ve seen nothing from the Senate,” he said, “not even a draft bill.”
Sen. Joe Lieberman, Connecticut independent and chairman of the Senate Homeland Security Committee, “remains committed to a comprehensive bill” on cybersecurity, said a committee staffer.
Asking whether there would be cybersecurity legislation this year “is like asking me which lottery ticket to buy,” White House cybersecurity coordinator Howard Schmidt said this week at the Center for Strategic and International Studies think tank in Washington.
Nonetheless, other officials say there is a good chance for some progress this year.
“There is a good chance that at least some elements of the that [legislative package in the Senate] will pass” through Congress and to the president’s desk, said Cameron Kerry, general counsel for the Commerce Department.
Mr. Clinton said there are several issues that represent “low-hanging fruit” where “there is broad consensus about the way forward … both between the parties and between the government and private sector.”