GOP rep: Why would industry share cyber data with government?

For the second time in as many weeks, Rep. Curt Clawson (R-Fla.) expressed wariness at the notion of legislation to increase the public-private exchange of cybersecurity information.

“I don’t know how you get this to work,” Clawson said at a sparsely attended House subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies hearing on Wednesday.

ADVERTISEMENT

Government officials and numerous industry groups have said Congress must pass a bill to enhance the sharing of cyber threat data between the government and commercial sector.

It’s the only way, they argue, the nation can bolster its faltering cyber defenses, which are getting repeatedly breached by a rising tide of hackers.

But companies won’t hand over more information until Congress grants them legal liability protection when sharing data.

“I like the idea,” Clawson said. “The devil’s in the details.”

He ticked off several immediate problems he identified.

Multinational companies might be hesitant to share, he said, afraid of hurting their standing abroad. Plus, the system doesn’t work without broad industry buy-in, which is no guarantee, Clawson said.

But most importantly, he wondered why any company would want to voluntarily bring the government in for help.

“I’d say, ‘Isn’t this going to slow me down?’” Clawson said.

“I could keep going on and on here,” he added.

It’s the second straight week that Clawson has voiced concerns about Congress’s cyber info-sharing efforts at a hearing.

Several industry witnesses rebutted Clawson’s fears.

“We can’t fight the bad guys without working together,” said Matthew Eggers, senior director of the U.S. Chamber of Commerce national security and emergency preparedness unit. “We can’t tackle nation states or their proxies solo.”

Greg Garcia, executive director of the Financial Services Sector Coordinating Council, tacked on to Eggers’ thoughts.

“The government has information that we do not have,” he said. “Classified information, information about nation state activities.”

“If we’re not fusing that together, we’re really not getting broad situational awareness,” he added.

The full House Homeland Security Committee has yet to introudce its anticipated cyber info-sharing bill this Congress.

Rep. Dutch Ruppersberger (D-Md.) introduced in January an updated version of the Cyber Intelligence Sharing and Protection Act (CISPA), which would give companies liability protection for sharing cyber data with intelligence agenceis.

Homeland Security is expected to move a bill that would put the Department of Homeland Security (DHS), not the intelligence agencies, at the center of the public-private cyber data exchange.

Wednesday’s hearing gave no indication of an expected timeline for the DHS-centric bill.

“If I were running a business,” Clawson said Wednesday “you’d have to lay out pretty clearly how we’re going to get over some of these obstacles.”