Democrats hope to persuade opponents to revisit cybersecurity legislation by citing a recent speech by Defense Secretary Leon Panetta on devastating cyberattacks on businesses in the Middle East.
With Congress at loggerheads over the issue, the White House is weighing whether to issue an executive order. Several Democrats have encouraged the White House to explore the matter, while Republicans have urged the administration to back off.
The bill championed by Lieberman and Homeland Security and Government Reform ranking member Susan Collins (R-Maine) was derailed in August when it did not win enough votes to cut off debate. The bill was the product of intense negotiations, and the result was a bill that asked companies to voluntarily comply instead of requiring them to take several security precautions.
The measure’s fiercest critic is the U.S. Chamber of Commerce, which is wary of new regulations that could hurt businesses, and the group remains opposed to the bill, according to a spokesman.
“There are several elements that our members disagree with, but we are committed to finding a solution,” the spokesman said.
In the first half of 2012, the chamber reported nearly $43 million in lobbying expenditures, but that figure includes money spent on advocacy and voter education in Washington, D.C., and around the country.
Republicans, including Sen. John McCain (Ariz.), have also been critical of the proposal. McCain has crafted his own cybersecurity bill.
Reid’s statement was spurred by a speech last week delivered by Panetta to the nonpartisan organization Business Executives for National Security. Panetta detailed recent devastating cyberattacks on businesses in the Middle East. Intelligence officials believe those attacks were perpetrated by Iran.
“In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called ‘Distributed Denial-of-Service’ attacks,” Panetta said. “These attacks delayed or disrupted services on customer websites. While this kind of tactic isn’t new, the scale and speed was unprecedented.”
“But even more alarming is an attack that happened two months ago, when a sophisticated virus called Shamoon infected computers at the Saudi Arabian state oil company, Aramco,” Panetta continued. “Shamoon included a routine called a ‘wiper,’ coded to self-execute. This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional garbage data that overwrote all the real data on the machine.”
The attack rendered useless more than 30,000 computers, which had to be replaced, according to Panetta, who added that a similar attack on a “major energy company in the region” was launched a shortly after.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date. Imagine the impact an attack like this would have on your company,” Panetta said.