Lew backs new cyber law

Lawmakers in Congress need to step up to the plate and protect U.S. cyber networks, Treasury Secretary Jack Lew said on Wednesday.

New legislation allowing companies to share information with each other and the government while still providing “important liability protection” is needed to ensure that banks and other major networks stay safe from hackers, Lew said at the Delivering Alpha conference in New York.

“Our cyber defenses are not yet where they need to be,” he said, according to prepared remarks. “Cybersecurity must be ongoing, and by working together — all of us — we will meet this test.”

ADVERTISEMENT
Legislation making it easier for firms to share information has been hotly contested in Congress.

Supporters have hoped that a bill passed out of the Senate Intelligence Committee this month could get a floor vote before the August recess, but privacy and civil liberties advocates have raised their voice in opposition.

The Cybersecurity Information Sharing Act (CISA) would allow people’s personal information to be shuttled to agencies like the National Security Agency, critics fear. In the past, President Obama has threatened to veto similar bills that did not do enough to protect people’s information. 

Lew did not specifically comment on the merits of CISA or any other bill, but said that any legislation should protect civil liberties.

“We need legislation that protects individual privacy and civil liberties, which are so essential to making the United States a free and open society,” he said.

In addition to calling on Congress to get moving, Lew also pointed the finger at Wall Street.

“Far too many hedge funds, asset managers, insurance providers, exchanges, financial market utilities, and banks should and could be doing more,” he said.

For instance, many firms are keeping it a secret after they get hacked, which prevents other companies from learning how hackers are trying to infiltrate their networks.

“There cannot be a code of either silence or secrecy about the steps necessary to protect our basic security,” Lew said. “Sharing information is far too essential.”

Earlier this year, the Obama administration released a framework for critical infrastructure systems like power companies, emergency services and Wall Street banks to protect their networks.

Every financial firm needs to take advantage of that, Lew said, but “it is not enough for firms themselves to adhere to these basic practices.” In addition, banks need to make sure that every contractor and hardware company they rely on also takes steps to protect their systems

“Cyber attacks on our financial system represent a real threat to our economic and national security,” Lew claimed.