WASHINGTON – The head of the House Committee on Intelligence called Wednesday for Congress to pass legislation that would allow federal cybersecurity officials to more easily share information with private companies so they could defend against the rising number of cyberattacks on the United States.
Rep. Mike Rogers, a Michigan Republican, declared repeatedly that “we are in a cyberwar and we’re losing,” citing the threat of cyberattacks from foreign nations that he believes is growing “exponentially.”
These attacks often involve foreign nations or companies hacking into American online networks and disrupting the networks’ ability to function. Rogers noted a case in 2012 in which cyberattackers in Iran hacked into a Saudi Arabian oil company’s network and wiped data off of 30,000 machines, debilitating the company’s ability to produce oil.
He called on Congress to pass a version of the 2012 Cybersecurity Act, a bill that passed the House of Representatives last year but failed in the Senate. The bill would have allowed the federal government to share information about cyberattacks with the private sector.
The ability to share this information would have given American companies the knowledge to prevent up to 90 percent of cyberattacks, Rogers said.
“I don’t believe the government is going to protect your network as well as you’re going to protect your network,” he said.
The 2012 bill had support from both high-tech industries and financial companies, but stalled in the Senate because of concerns in both parties that any sharing of sensitive government data with private businesses would constitute an invasion of privacy.
But Rogers said the legislation would not infringe on civil liberties because the volume of information being shared would be so great that no one would be able to read it all. Instead, computer systems would be given the information in order to automatically update defenses as new threats are recognized.
“We’re talking about exchanging packets of information a hundred million times a second,” Rogers said. “Can anybody read that fast? So some notion that this is a horrible invasion through content reading is wrong.”
Sen. John McCain, R- Ariz., and others spoke out in August against the bill because of complaints about the way the bill was drafted and the lack of opportunity for amendments.
“It is more important to work to get something done right, than just work to get something done,” McCain said.
The 2012 bill was also opposed by the U.S. Chamber of Commerce, a large lobbying group for American businesses. But National Association of Regulatory Utility Commissioners President Philip Jones, whose organization hosted Rogers at its winter meeting Wednesday supported a cybersecurity bill.
“We are hopeful we can come up with a workable solution, either legislative or through an executive order,” Jones said.
Rogers said Wednesday that the urgency of preventing cyberattacks has made the issue a top national security priority.
“We are absolutely under siege,” Rogers said. “And we are fooling ourselves if we think we don’t have a problem. It’s getting worse.”
Because the bill has broad bipartisan support, Rogers was optimistic it could be passed this year; President Barack Obama has signaled support for cybersecurity legislation but opposed last year’s legislation.
Rogers cited recent high-profile cases of cyberattacks, including the Jan. 30 revelation by The New York Times that the newspaper was the victim of a cyberattack originating in China, which Rogers said could help bring public attention to the issue.
China is developing its cyberwarfare capabilities at a “breathtaking” rate, Rogers said. However, he said a greater danger may lie in nations such as Iran using cyberattacks on the United States and its allies because China and Russia would both fear the international backlash if they instigated a cyberconflict.
“Countries like Iran, backed into a corner internationally, isolated, developing their capabilities… Would they make a nonrational decision?” Rogers said. “I argue, absolutely.”