Graham Urges Congress To 'Get More Serious' on Cybersecurity Legislation
Senate Judiciary Committee Crime and Terrorism Subcommittee Chairman Lindsey Graham, R-S.C., urged Congress to “get more serious” about cyberthreats in the wake of the Office of Personnel Management data breach and other recent cyberattacks, saying during a subcommittee hearing that the Senate needs to move ahead on cybersecurity legislation. Graham and Senate Terrorism ranking member Sheldon Whitehouse, D-R.I., held the hearing Wednesday on a draft bill that would update portions of the Computer Fraud and Abuse Act in response to CFAA-related legislative proposals from the White House and the Department of Justice. Other Senate Terrorism members and industry executives who testified at the hearing also pushed passage of the controversial Cybersecurity Information Sharing Act (S-754) and national data breach notification legislation.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Senate Majority Whip John Cornyn, R-Texas, said during the hearing that he's “hopeful that we will take up” S-754 by the end of July, before Congress begins the August recess. Senate consideration of S-754 has been stalled, with Senate Majority Leader Mitch McConnell, R-Ky., withdrawing an amendment in June from the FY 2016National Defense Authorization Act (S-2410) that would have added S-754's language to that bill. Only 56 senators voted in favor of limiting debate on the amendment (see 1506110050).
Sen. Amy Klobuchar, D-Minn., also indicated her interest in S-754 during the hearing, but noted privacy advocates' concerns with the bill. Deputy Assistant Attorney General David Bitkower said the Obama administration is aware of privacy advocates' concerns with S-754 and said the White House plans to continue working with the Senate on the bill. Congress needs to pass a “three-legged stool” of cybersecurity legislation to make a true difference in combating cybercrime, including a bill to improve cybersecurity information sharing, said David Johnson, American Bankers Association senior vice president and chief adviser-payments and cybersecurity policy. National data breach notification standards and legislation to improve law enforcement against cybercriminals are also necessary, he said. Bitkower and Johnson said they support the Graham-Whitehouse draft CFAA update legislation.
Uncertainty about several technical problems in New York, which affected the New York Stock Exchange, United Airlines and The Wall Street Journal website on Wednesday, led Senate Commerce Committee leadership to consider cybersecurity vulnerabilities and the need for legislation. Those problems ultimately were not cyberattacks.
Senate Commerce ranking member Bill Nelson, D-Fla., intentionally waited near reporters Wednesday to address the issue on his way to a vote in the Capitol. “When are we going to wake up and start to have some cybersecurity legislation?” Nelson asked. He said he suspected the technical problems at United and other entities were cyberattacks but conceded he had no insider knowledge of the events. “I have no idea, but it’s a strange coincidence that all of them have happened in New York within a matter of minutes,” Nelson said. “I do have some knowledge about cybersecurity.” Nelson also tweeted his concern: “Three major computer malfunctions on same day give appearance of an attack, serve as reminder Congress must pass a cybersecurity bill.”
“I think that we’re always concerned about the level of activity that’s going on -- the hacking, the cyberattacks, the attempts to bring down our infrastructure,” Senate Commerce Chairman John Thune, R-S.D., told reporters. “I hope we can get to a cyber bill. I hope we can couple with that data breach legislation, so we’re as well positioned as possible to prevent the types of attacks on our infrastructure that could really make it difficult for us, whether that’s financial services, whether that’s the electric grid. It’s a very complicated world now.”