Recently, U.S. House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., prodded his Senate colleagues to move forward with a piece of legislation that has vital implications for the security of individuals, businesses and our nation as a whole. Speaking at George Washington University, Rogers addressed the need for the Senate to pass a comprehensive cybersecurity bill. The House has already passed their own bill, the Cyber Intelligence Sharing and Protection Act, which facilitates increased information sharing about cyber-threats between government and the private sector. The Senate, however, must produce its version so that the two can go to conference committee and produce meaningful legislation that can be signed into law.
Rogers cautioned that we may be running out of time to get this done: “If we don’t have something moving by August, I think it gets lost in the haze,” he said, “and it will be a very long time until we actually get a bill passed that will actually have an impact.”
Rogers has the experience to support his views. He’s served in the U.S. House of Representatives since 2001 as chairman of the Intelligence Committee since 2011 and in the FBI for five years prior to being elected to Michigan’s legislature in 1994. Rogers knows as well as anyone how much things grind to a near-total halt in D.C. during the “haze” of August when Congress goes on its long recess. He is correct in urging cybersecurity legislation now as it will likely be especially difficult to pass substantive legislation – like a cybersecurity bill –because it is a midterm election year. This is a risk we cannot afford to take.
In our uber-connected world, cybersecurity concerns should matter to every American. Rogers noted that he’d hoped the serious cybercrime committed against Target last year – where hackers may have the stolen personal data of as many as 110 million customers – might have served as a wake-up call to the public, but apparently it hasn’t.
This is most unfortunate, because the public should understand how grave these risks truly are. At major risk are information from businesses and their customers, hard-developed intellectual property, and national security secrets. The information technology bandits know no boundaries and they may even be working for foreign governments hostile to the United States of America and our way of life. Very recently, the United States filed charges against five Chinese men believed to be working for the People’s Liberation Army who hacked into American companies’ computer systems. These men were not lone wolves – they are believed to be part of an elite hacker force within the Chinese military. We need a comprehensive cybersecurity bill that allows the public and private sectors to better share information without fear of retribution in order to face these threats.
There are some signs of hope that the Senate may yet act in time. In April, Sens. Dianne Feinstein, D-Calif., and Saxby Chambliss, R-Ga., the chairwoman and ranking member of the Senate Intelligence Committee, struck an agreement on draft language for a bill that follows the basic principles of greater information sharing and liability protection for companies as they address their cybersecurity concerns. In the wake of the Target cybersecurity breach, committee Chairman Robert Menendez, D-N.J., said, “consumers depend on the companies and financial service providers with whom they do business to protect their sensitive information.”
There does appear to be bipartisan support among their colleagues for at least some increased cybersecurity measures. Sens. Tom Coburn, R-Okla., and Edward J. Markey, D-Mass., for instance, have both been active and vocal about the need to better protect our nation’s infrastructure from cyberattacks. Coburn published a report in February that highlighted “serious vulnerabilities in the government’s efforts to protect its own civilian computers and networks, and the critical, sensitive information they contain.” Markey, for his part, introduced the Grid Reliability and Infrastructure Defense Act in March, which would give the government greater authority to protect the country’s electrical grid.
As for the House, Chairman Rogers himself is “cautiously optimistic,” and if the Senate were to pass a cybersecurity bill, he promised “the fastest conference committee known to man.” Hopefully, he will have the chance to make good on that promise. As the case of the “PLA Five” hacker gang shows, there’s not a moment to lose.
Javier Ortiz is a principal at Crane & Crane Consulting, an advisor on public policy and regulations for a D.C.-based global law firm, and recently spoke on the Cybersecurity Landscape panel hosted by the U.S. Securities and Exchange Commission.