U.S. companies and the federal government would be able to share information about cybersecurity threats more easily under a bill introduced in the U.S. House of Representatives on Tuesday.
The proposed legislation and related bills before Congress respond to widespread and growing concern about incursions into U.S. networks by hackers looking to steal everything from state secrets to credit card numbers to intellectual property.
The bill sponsored by Representatives Mary Bono Mack and Marsha Blackburn, both Republicans, increases penalties for hacking into servers and removes roadblocks that prevent government security experts from discussing threats with their counterparts at Internet service providers and other companies.
The House bill introduced on Tuesday is very similar to legislation in the Senate proposed by Sen. John McCain earlier this month.
With members of both parties jockeying for position in advance of the November 6 election, it is likely to be tough to pass any major legislation this year. Still, experts are hopeful the two chambers will agree on some sort of cybersecurity bill because lawmakers on both sides of the aisle believe it is needed.
Many security bills
Rep. Jim Langevin called the Bono Mack bill thoughtful, but inadequate. In particular, he criticized its reliance on a voluntary approach to address vulnerabilities in critical infrastructure such as the electric grid.
“That approach has failed us over the last decade,” he said in a statement. “We need swift action to compel these companies to invest in our national security before it’s too late.”
Langevin has co-sponsored legislation that would establish cybersecurity standards for critical, private networks.
The House is also considering a bill introduced by Representative Mike Rogers, the Republican chairman of the U.S. House of Representatives intelligence committee, and the panel’s senior Democrat, Representative C.A. “Dutch” Ruppersberger.
That bill would allow the National Security Agency, for example, to tell internet service providers about different cyber threats the intelligence agency has detected so the ISP can then block traffic to its customers from anything with that signature.
On the Senate side, there is a comprehensive bill supported by Senate Majority Leader Harry Reid that would require upgrades in security for critical national infrastructure to prevent a catastrophic attack on the nation’s water supply, electric grid, financial networks and transportation infrastructure.
The legislative efforts follows a spate of high profile hacks that have alarmed experts. Victims have included defense contractors such as Lockheed Martin Corp, Web search leader Google Inc, Citigroup Inc and exchange operator Nasdaq OMX.
Politicians have not been immune. In 2008, hackers targeted both President Barack Obama and McCain’s presidential campaigns.
The White House is eager to see cybersecurity legislation, but Howard Schmidt, the White House cybersecurity policy coordinator, has said the federal government could do more even without legislation. As one example, the Department of Energy could push harder to prompt electric utilities to ward off hacking intrusions.