Revelations that Russian hackers were able to access President Obama’s private schedule is proof Congress must move legislation encouraging companies to share cyber threat data with the government, said Sen. Susan CollinsSusan Margaret CollinsCollins to endorse LePage in Maine governor comeback bid McConnell privately urged GOP senators to oppose debt ceiling hike GOP senator will 'probably' vote for debt limit increase MORE (R-Maine).
“We cannot afford to let important legislation languish as our nation sits woefully unprepared for these dangerous attacks,” said Collins, a member of the Senate Intelligence Committee.
The Cybersecurity Information Sharing Act (CISA) would give companies legal liability protections when sharing cybersecurity information with the government. The Intelligence Committee approved the bill by a 14-1 vote last month, and it’s expected to get a floor vote sometime in April.
Most lawmakers, government officials and industry groups are on board with the bill, arguing it’s a necessary step to bolster the nation’s cyber defenses. Privacy advocates remain steadfast in opposition, claiming the measure would merely shuttle more of Americans’ private data to the National Security Agency.
CISA, Collins said, “would take immediate steps to reduce the vulnerability of sensitive information systems in both the public and private sector" and at the White House.
Officials acknowledged in October the White House system had been hit by hackers but downplayed the event. The cyber assailants only accessed the unclassified system, and computers were not damaged, they said.
But a report Tuesday indicated the hackers had gotten their hands on highly sensitive information, such as the president’s schedule, within that unclassified system. While portions of Obama’s schedule are made public, many meetings and phone calls are known only to senior staffers.
Such intimate knowledge would be valuable to foreign intelligence agencies in countries like Russia, which is thought to be behind the attack.
The report also revealed Russian hackers used a previous intrusion at the State Department as a foothold to get into the White House’s network.
“These reports are troubling and further expose that our nation’s defenses against cyberattacks are dangerously inadequate,” Collins said.
The Senate’s cyber bill would make all cyber threat data sharing voluntary. Collins thinks the threat is serious enough that some information sharing should be mandatory.
The Maine Republican offered an amendment during the CISA markup that would have created two tiers of sharing. While 99 percent of businesses would use the voluntary program, critical infrastructure companies would have a mandatory data-sharing requirement.
“A single successful cyberattack against certain critical infrastructure could cause catastrophic economic damage, loss of life, or the severe degradation of our national security or defense,” Collins said.
The amendment did not make it into the final text, however. That hasn’t diminished Collins’s support for the bill.
CISA “would remove significant legal and economic disincentives that currently impede information sharing between private industry and government that can promote the identification and mitigation of cyber threats,” she said.