House Passes Cybersecurity Bill

CybersecurityCongress moved toward gridlock over how to improve the security of the nation's computer networks when the House of Representatives approved a measure opposed by the White House and at odds with Senate efforts on the issue.

Source: Source: WSJ | Published on April 27, 2012

House passage of its measure, the Cyber Intelligence Sharing and Protection Act, came on a 248-168 vote Thursday and was supported by both Republicans and Democrats.

The House vote came despite a warning by the White House that senior advisers would recommend a presidential veto if the measure also passed the Senate, which is considered unlikely.

The White House prefers a Senate bill that would concentrate cybersecurity efforts in the Department of Homeland Security and would require companies to bolster security for critical infrastructure, such as electrical and water systems. The House bill only facilitates the swapping of threat data between private companies and the National Security Agency and other government departments.

The House version also was criticized by civil-liberties groups that said its provisions allowing businesses to share information with the government to improve cybersecurity could compromise American citizens' privacy. The American Civil Liberties Union called it "a dangerously overbroad bill that would allow companies to share our private and sensitive information with the government without a warrant and without proper oversight."

The Obama administration says cybersecurity should be overseen by civilian agencies. The Senate bill favored by the White House and supported by Democrats and Sen. Susan Collins (R., Maine), would place Homeland Security officials in charge of the effort.

However, the Senate measure is opposed by business groups because of requirements that businesses adopt measures to improve security, steps executives see as burdensome.

The twin controversies—whether to regulate security and whether a civilian agency should head up the effort—seem likely to snarl efforts to plug the growing gaps in network security.

Earlier attempts at cybersecurity legislation drew broad, bipartisan support but little momentum. In the past year, the debate has grown more polarized over whether government should play a larger role in requiring businesses to strengthen their cybersecurity.

House sponsors of the legislation cast it as a necessary first step in the process to protect American networks from groups in places like China and Russia who are pilfering intellectual property from U.S. businesses. Government and industry experts warn that as cyberattack tools become more widely available, capabilities once reserved for governments could extend to rogue states, terrorists or so-called hacktivist groups.

Setting aside the criticism, House Speaker John Boehner (R., Ohio) said: "The House put together a strong bill that will help stop cyberattacks that threaten our economy and our privacy while keeping the Internet free from government control."

But sponsors of the leading Senate measure said Friday that the House should have included provisions to protect computer systems running critical infrastructure, as the Senate bill does.

"These systems are at risk—no one contests that—which means the American people are at risk," said the sponsors, Sens. Joe Lieberman (I., Conn.), Jay Rockefeller (D., W.Va.), Dianne Feinstein (D., Calif.) and Ms. Collins.