- Strong quake hits Japan, triggering tsunami
- Sniper heaven: Pentagon’s self-guided bullets leave enemies nowhere to hide
- Violent gang taking advantage of immigration crisis, using border as recruiting hub
- Medicaid enrollment continues to soar under Obamacare, administration says
- Michelle Obama to Latinos: ‘We cannot afford to wait on Congress’ for immigration
- White House urges GOP to act ‘urgently’ on $3.7 billion request for illegal immigrants
- Politicians, criminals using ‘right-to-be-forgotten’ law EU courts forced upon Google
- Combat fatigue: elite special forces troops are ‘fraying,’ Gen. Joseph Votel warns
- German foreign minister to meet Kerry to discuss spying claims
- Florida police spokesman tells citizens: ‘Get yourself some firearms’
Bigger US role against companies’ cyberthreats?
Question of the Day
WASHINGTON (AP) - A developing Senate plan that would bolster the government’s ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.
Legislation set to come out in the days ahead is intended to ensure that computer systems running power plants and other essential parts of the country’s infrastructure are protected from hackers, terrorists or other criminals. The Department of Homeland Security, with input from businesses, would select which companies to regulate; the agency would have the power to require better computer security, according to officials who described the bill. They spoke on condition of anonymity because lawmakers have not finalized all the details.
Those are the most contentious parts of legislation designed to boost cybersecurity against the constant attacks that target U.S. government, corporate and personal computer networks and accounts. Authorities are increasingly worried that cybercriminals are trying to take over systems that control the inner workings of water, electrical, nuclear or other power plants.
That was the case with the Stuxnet computer worm, which targeted Iran’s nuclear program in 2010, infecting laptops at the Bushehr nuclear power plant.
As much as 85 percent of America’s critical infrastructure is owned and operated by private companies
The emerging proposal isn’t sitting well with those who believe it gives Homeland Security too much power and those who think it’s too watered down to achieve real security improvements.
One issue under debate is how the bill narrowly limits the industries that would be subject to regulation.
Summaries of the bill refer to companies with systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities.”
Critics suggest that such limits may make it too difficult for the government to regulate those who need it.
There are sharp disagreements over whether Homeland Security is the right department to enforce the rules and whether it can handle the new responsibilities. U.S. officials familiar with the debate said the department would move gradually, taking on higher priority industries first.
“The debate taking place in Congress is not whether the government should protect the American people from catastrophic harms caused by cyberattacks on critical infrastructure, but which entity can do that most effectively,” said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting.
Under the legislation, Homeland Security would not regulate industries that are under the authority of an agency, such as the Nuclear Regulatory Commission, with jurisdiction already over cyber issues.
“Where the market has worked, and systems are appropriately secure, we don’t interfere,” said Sen. Joe Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee. “But where the market has failed, and critical systems are insecure, the government has a responsibility to step in.”
The bill, written largely by the Senate Commerce, Science and Transportation Committee and the Senate homeland panel, is also notable for what it does not include: a provision that would give the president authority to shut down Internet traffic to compromised Web sites during a national emergency. This `”kill switch” idea was discussed in early drafts, but drew outrage from corporate leaders, privacy advocates and Internet purists who believe cyberspace should remain an untouched digital universe.
While the Senate is pulling together one major piece of cybersecurity legislation, the House has several bills that deal with various aspects of the issue.
TWT Video Picks
By Robert N. Tracci
Congress must use its appropriations power to secure the border
- Pentagon's self-guided bullets leave enemies nowhere to hide
- Violent gang MS-13 taking advantage of immigration crisis, using border as recruiting hub
- A 'new Cold War': China's top paper warns of 'slippery slope' towards conflict with U.S.
- Armed militia sets up Texas command center to 'fight for national sovereignty'
- DOJ investigates Norfolk parade float critical of Obama
- PRUDEN: 'Dirty Harry' Reids increasing eccentricity
- Michelle Obama to Latinos: 'We cannot afford to wait on Congress' for immigration
- NASCAR TV contract back to NBC in 2015, leaving ESPN, Turner Sports
- Google Glass-equipped rifles can fire around corners: It's 'mind-blowing when you actually do it'
- Hamas orders civilians to die in Israeli airstrikes
Obama's biggest White House 'fails'
Celebrities turned politicians
Athletes turned actors
20 gadgets that changed the world
Fighting in Iraq
World Cup's sexiest WAGs