Business leaders press for better information-sharing about cyber threats

Business leaders unveiled a proposal on Wednesday that's aimed at boosting the security of American companies' computer infrastructure against cyberattacks from hackers.

The Business Roundtable, which represents the chief executives of top U.S. companies, is calling for Congress to pass legislation aimed at improving the sharing of information about malicious source code and other cyber threats between government and industry so companies can thwart cyberattacks in real-time.

Business Roundtable President John Engler said improving information-sharing — rather than implementing top-down regulations — is key to preventing hackers from siphoning companies' valuable intellectual property or attacking their computer systems.

"Speed matters here and that's why flexible approaches are being talked about," Engler said.

The trade association stresses that information-sharing legislation needs to include liability protection for companies so they're protected from legal action after sharing cyber-threat data with the government. The legislative framework also needs to include antitrust and freedom of information protections for businesses so they don't suffer legal and financial repercussions for sharing cyber-threat data with the government and their corporate peers.

"The private companies want to be sure that if they're sharing this information and acting in good faith that they want to be protected," said Michael Manchisi, group executive of MasterCard Worldwide's global processing business.

On the other hand, Manchisi said U.S. companies want the government to send them information about incoming cyber threats in a timely manner — including classified information, in some cases — so they can immediately act on it. He said regulations would impede companies from responding quickly to cyber threats.

There are "hundreds of thousands of attempts" to get into MasterCard's systems "all the time," Manchisi said. He credited the company's computer security group for thwarting those attacks.

"There are people who are trying to get into our systems every day, every hour, and the challenge is being able to stay ahead of that," he said.

The financial services sector has been hit in recent months by a spate of attacks from hackers. U.S. banks such as Wells Fargo, PNC and Bank of America had their public websites disrupted this fall, according to The New York Times.

Cybersecurity legislation is expected to be revisited again this year after the Senate and House failed to come together on a bill in the last Congress. The Obama administration is also aiming to release an executive order on cybersecurity this month.

The Senate tried to pass a sweeping cybersecurity bill twice last year, which encouraged critical infrastructure operators to follow a set of minimum computer security standards in exchange for incentives. GOP members and several business groups opposed the measure, arguing that it would saddle companies with new burdensome regulations.

The House is expected to tee up the Cyber Intelligence and Sharing Protection Act again this year, which focuses on improving information-sharing about cyber threats between companies and the government. The bill enjoyed broad support from a variety of industry groups, including the Business Roundtable, but raised privacy and civil liberties concerns from digital advocacy organizations and the Obama administration.

Despite last year's legislative gridlock, the Business Roundtable said it was hopeful that Congress would revive its efforts to pass legislation in 2013. Liz Gasster, a vice president at the industry group, said Congress needs to pass an information-sharing focused bill so businesses can receive the intelligence they need to secure their computer systems and networks from cyberattacks.

"The threats are as serious as they were in the last Congress, maybe more. There is a need to improve this situation" Gasster said. "We're convinced the way to do it is through information-sharing."

"We really have to have a bill to make information-sharing operational," she said.

In the proposal, the business leaders also say they will commit to investing in an information-sharing infrastructure, including gaining security clearances for staff. The CEOs also recommend that companies' boards review their cybersecurity strategies and potential risks to their computer systems and networks.