House Lawmakers Offer Disparate Perspectives on Cybersecurity Debate
Reps. Jim Langevin, D-R.I., and Lee Terry, R-Neb., outlined different visions for greater U.S. cybersecurity in separate interviews which were scheduled to be aired on C-SPAN’s The Communicators Saturday. Despite acknowledging the urgent need for better cybersecurity and privacy protections, the lawmakers differed over what they thought the government’s role should be in shoring up critical infrastructure sectors from cyberattacks.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Langevin, former chairman of the House Cybersecurity Subcommittee, said he supports federal legislation that both increases public/private sector cyberthreat communication and compels the owners of critical infrastructure systems to upgrade their cybersecurity posture. “The electric grid in my opinion is not adopting strong enough robust cybersecurity protections and that leaves them incredibly vulnerable to a cyberattack that could … do massive damage to the economy and potentially loss of life.” Langevin is a co-founder of the Congressional Cybersecurity Caucus and the author of the Executive Cyberspace Coordination Act (HR-1136).
Terry urged an approach that shuns federal cybersecurity regulations for private companies. Setting regulations would “freeze industry in place while the hackers and attackers go right around them,” he said. “What we are looking at is breaking down barriers to empower [the] private sector,” said Terry, a member of the House Communications Subcommittee cybersecurity working group (WID March 21 p1).
One particularly contentious issue is whether lawmakers should give the Department of Homeland Security the authority to coordinate the nation’s response to a cyberattack. When asked whether DHS was the right vehicle for monitoring cybersecurity, Terry said: “Hell no! Frankly it flies in the face of industry … if they have to communicate with Homeland Security or with the permission of Homeland Security you have defeated the whole purpose of making them nimble,” he said. “It’s about sharing information instantaneously, and involving our government agencies into that decision making process is counterproductive.”
Langevin found the idea of giving DHS more authority to collaborate between the private sector and the government on cybersecurity matters less abhorrent. He said a better option would be a new cybersecurity position in the White House with more direct authority to “coordinate and implement cybersecurity protections. … We need to have an agency that has cybersecurity as their primary focus but also an entity that has policy and budgetary authority to compel the adoption of robust cybersecurity standards.”
While neither thought the Senate approach was the best option, Langevin supported S-2105 because he said it urges stronger cybersecurity standards and increases public/private sector communication on classified cyberthreat information. “We can’t let the perfect be the enemy of the good,” he said. Langevin added that the SECURE IT Act (S-2151), introduced by Sen. John McCain, R-Ariz., “doesn’t get us to where we really need to be."
Langevin and Terry said there is broad support for the House Cyber Intelligence Sharing and Protection Act (HR-3523), a bill they both sponsored. House Select Committee on Intelligence Chairman Mike Rogers, R-Mich., and Ranking Member Dutch Ruppersberger, D-Md., authored the 11-page bill, which encourages voluntary, anonymous cyberthreat information sharing between industry members and the government. Telecom groups and service providers hailed the legislation, saying it won’t impose regulatory burdens on industry members (WID Dec 1 p4), but privacy groups warned that it could expand the government’s monitoring of private communications (WID Dec 2 p3).
Both Terry and Langevin agreed that privacy issues must be carefully considered in whatever bill moves forward on the House side. Cybersecurity legislation should have the “lightest touch possible and always respecting civil liberties and privacy concerns,” Langevin said. “We have to work with the civil liberties groups to instill confidence that we are doing this the right way.”
"Anytime we start looking at monitoring packets of information flowing through the system you are going to raise the red flag of privacy,” Terry said. “So what we have to be is careful about it.” He suggested that any information sharing between the private sector and the federal government should go through an independent, non-governmental clearinghouse.