CybersecurityTexas lawmakers on the Hill lead drive for cybersecurity legislation

After recent high-profile cyberattacks on the U.S. private sector, Congress has been tasked with passing legislation that will address cybersecurity concerns including how the private sector should report data breaches to regulators and how the U.S. government should respond to state-sponsored cyberattacks. The Dallas Morning News reports that three Texas Republican lawmakers, through leadership roles in committees and subcommittees, have been charged with exploring solutions to those concerns. “It’s all very cutting edge, kind of a new frontier. A wild West if you will,” said Representative Michael McCaul, chairman of the House Committee on Homeland Security and co-chair of the Congressional Cyber Security Caucus. “It has not been addressed by Congress, and it needs to be.”

McCaul is working with freshman Representatives Will Hurd, chairman of the IT Subcommittee of the House Oversight Committee,- and John Ratcliffe, chairman of the Homeland Security Subcommittee on Cybersecurity, to solve the most pressing cybersecurity issue facing the country. “The biggest issue is refining what the problem is and putting together how do we address that problem, and how do we establish a flexible framework that evolves with the evolving threat,” Hurd said.

In the absence of congressional action, the private sector has been responding in several ways to cyber breaches. Some companies have launched retaliatory acts against cybercriminals, and some, including Apple and Google, have committed to encrypting all customer communication, making it difficult for even law enforcement agencies to retrieve data from suspected criminals’ devices.

“Companies aren’t always going to sit back and take it. They’re going to respond, and not ask for permission but beg for forgiveness,” said McCaul.

The lawmakers are particularly concerned because hackers, no longer limited to identify theft or credit card fraud, can now target critical infrastructure such as power grids and water supplies, as well as wireless networks of medical devices in hospitals. “You tap that network, you alter someone’s insulin shots, boom. You kill a lot of people,” Ratcliffe said. “There have been significant events, but there are far worse scenarios that could happen to us … where you’re really talking about people’s lives immediately at risk,” he added.

Hurd, a former CIA agent, adds that “If North Korea launched a missile into San Francisco Bay, the North Koreans and the American people know how we would respond.”

“But what’s a digital-on-digital attack? And what are the appropriate responses?” he asked.

The three Texas Republicans agree with the White House’s top three cybersecurity policy priorities: promote cyber information sharing between government agencies and the private sector, improve cyber tools for law enforcement, and establish a national standard for consumer notification after data breaches. They stress the importance of cyber information sharing with government agencies but say that companies are hesitant to do so for fear of lawsuits.

Ratcliffe wants the government to protect companies who share cyber breach information with federal agencies. No other cyber legislation will proceed without such protection, he said. “Right now, all of this is only still in theory because those liability protections are not in place,” Ratcliffe said. “That is the overriding priority and goal of what I’ll be doing in this role. And our success will be defined on whether or not we accomplish that.”

Larry Clinton, president and chief executive of the Internet Security Alliance, said that the focus on better information sharing is “being vastly overemphasized in the current conversation in Congress.”

“Information-sharing … needs to be understood as a good tool to have in the toolbox, but not really a game changer,” Clinton said, adding that he would rather have Congress put effort on increasing the public’s level of cybersecurity literacy and empowering law enforcement to catch more cyber criminals.