By Jennifer Martinez - 03/13/13 07:46 PM EDT
"What we care most about is that we're able to receive actionable, timely information from whoever has it," he said.
Gary Hayes, chief information officer of CenterPoint Energy, said cybersecurity legislation needs to be flexible enough so it can apply to both small and large businesses.
"One size fits all is not appropriate," he said.
These calls for information-sharing legislation come a day after JP Morgan's public website was inaccessible due to a hacker attack. Many U.S. companies — including Apple, Twitter and Microsoft — have gone public in recent weeks about suffering from computer security breaches.
Lawmakers, administration officials and industry groups all agree that cyber information-sharing legislation needs to be passed. But movement on legislation has been stalled by disagreements over the details in past bills.
Concerns have been raised over which agency should lead the country's cyber information sharing efforts, and how much liability protection should be provided to companies that share cyber threat data with the government.
There's also a potential turf war brewing on cyber information-sharing legislation. House Intelligence Committee leaders Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) introduced a bill that would, in part, provide liability protection to companies who share cyber threat data with the Department of Homeland Security and the intelligence community, including the National Security Agency.
During the Homeland Security hearing, Rep. Bennie Thompson (D-Miss.), ranking member of the House Homeland Security Committee, said he was disappointed that the bill was not referred to the panel.
Thompson and Rep. Yvette Clarke (D-N.Y.) urged committee chairman Michael McCaul (R-Texas) in a letter last week to let the Homeland Security committee members consider the bill.
"Our members desire the opportunity to consider the Cyber Intelligence Sharing and Protection Act before it goes to the full House," Thompson said.
Privacy and civil liberties groups have opposed the Intelligence Committee's bill and argued that a civilian agency, such as the Department of Homeland Security (DHS), should coordinate information-sharing efforts between industry and government.
Michelle Richardson, legislative counsel at the American Civil Liberties Union, told the committee that information-sharing legislation needs to give a civilian agency the lead role and also minimize the collation of personal information from companies.
"There are ways to conduct information-sharing that builds in some of the privacy protections needed to protect this very sensitive data," she said.
For his part, McCaul is working on a bill that is aimed at improving coordination between the government and private sector on efforts to secure computer networks of critical infrastructure from cyberattacks.
The Homeland Security Chairman has been meeting with industry groups to solicit feedback on legislation and said he aims for the bill to be "less prescriptive" and flexible enough to let industry to deal evolving cyber threats.
"Our philosophy is our bill will have buy in from the stakeholders," McCaul said.
After the hearing, McCaul told reporters that he aims to have his bill marked up "by springtime" and hopes the House will vote on a series of cybersecurity-related bills, just as it did last year.
"We're looking at moving fairly quickly on this just because every minute we wait the more the nation is at risk," he said.
Homeland Security Deputy Secretary Jane Holl Lute called on Congress to pass a suite of cybersecurity legislation, which should include measures to improve information sharing about cyber threats, protect privacy, affirm the department's role in leading the federal government's cybersecurity efforts and establish a framework of cybersecurity standards.
As Congress grapples with passing cybersecurity legislation, President Obama issued an executive order last month that is designed to address the security gaps in the computer networks of critical infrastructure. The executive order gave DHS a lead role in working with industry to protect key infrastructure, such as water plants and telecommunications networks.
Lute said DHS has created a task force to help the department work on implement the president's executive order.
Several committee members voiced concern that companies are hesitant to share information with the government about cyber threats they spot on their networks, or whether they have suffered an intrusion. To this end, the deputy secretary voiced support for creating a national data breach notification law that will guide companies on when they need to report intrusions into their computer networks and systems.