Obama officials press for cybersecurity bill in classified briefing

Obama administration officials held a classified briefing with senators Wednesday to press for passage of comprehensive cybersecurity legislation this year, The Hill has learned. 

Several senators on Thursday acknowledged to The Hill that they had taken part in the classified briefing. The session was requested by the Obama administration and included representatives from the White House, Federal Bureau of Investigation, the Department of Homeland Security, National Security Agency and Pentagon, as well as the bipartisan leadership of the committees with jurisdiction over cybersecurity.

All parties in the meeting agreed that there is an urgent need to address the rapidly growing threat to America's computer networks, sources said.

ADVERTISEMENT
Three senators interviewed by The Hill said there was widespread agreement during the briefing on the urgent need to pass a bill that would clarify how much authority the government has to require private sector firms deemed critical infrastructure — such as utilities and financial institutions — to improve their network protections.

But the lack of cooperation between the relevant agencies and committees has stalled the process since the Obama administration unveiled recommendations for cybersecurity legislation in May.

"There's a feeling it needs to be done very, very soon," said Sen. Chuck GrassleyCharles (Chuck) Ernest GrassleyHigh stakes as Trump, Dems open drug price talks Senate approves border bill that prevents shutdown Grassley raises voice after McConnell interrupts Senate speech MORE (R-Iowa), ranking member of the Judiciary Committee.


Grassley said he believes progress can be made through the working cybersecurity group set up by Senate Majority Leader Harry ReidHarry Mason ReidConstitutional conservatives need to oppose the national emergency Klobuchar: 'I don't remember' conversation with Reid over alleged staff mistreatment Dems wary of killing off filibuster MORE (D-Nev.) and Minority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellGOP Green New Deal stunt is a great deal for Democrats The national emergency will haunt Republicans come election season Trump: McConnell should keep Senate in session until nominees are approved MORE (R-Ky.) that is made up of the relevant committee heads, but not if different committees insist on moving forward independently.


The crux of the debate is deciding which firms should be deemed critical infrastructure and be covered by a new cybersecurity law. There is also debate over to what extent those companies should be required to comply with security standards established by the government. 

Senate Homeland Security Chairman Joe Lieberman (I-Conn.) said the White House proposal was "not that different" from the comprehensive cybersecurity bills that have emerged from his panel and the Senate Commerce Committee.

Both the Senate and the White House plans task Homeland Security with overseeing private sector networks. But Lieberman noted the Senate bills include mandatory enforcement actions,  while the White House plan relies on a weaker "name and shame" enforcement regime.

The House Republicans unveiled their own recommendations earlier this month. Their guidelines suggest a narrower definition of critical infrastructure than the White House or Senate and emphasizes information sharing with industry and incentives over mandatory security standards.

Unlike the White House, House Republicans would largely limit the rules to sectors that are already heavily regulated, such as nuclear power, and would task the existing regulators for those sectors with taking cybersecurity into account.

Senate Armed Services Committee chairman Carl LevinCarl Milton LevinListen, learn and lead: Congressional newcomers should leave the extremist tactics at home House Democrats poised to set a dangerous precedent with president’s tax returns The Hill's 12:30 Report — Sponsored by Delta Air Lines — White House to 'temporarily reinstate' Acosta's press pass after judge issues order | Graham to take over Judiciary panel | Hand recount for Florida Senate race MORE (D-Mich.) said another key issue is the extent to which critical infrastructure firms will be required to report cyber attacks to the government and what their liability would be in the event they share information with the government that is later exploited in an attack.

Levin said disagreement over the extent of government security mandates is central to the debate but believes progress has been made because all of the lawmakers involved feel the same urgency about passing something as soon as possible.

Lieberman acknowledged there is some debate over the issue but said he prefers to settle it in the open rather than behind closed doors.

"Let's go to the floor and argue it out," Lieberman said.

ADVERTISEMENT

Lieberman said the turf war over which agency should be in charge of implementing the government's cybersecurity plan has been largely resolved and there is a "broad consensus" that DHS is best suited to the task, with technical and intelligence support from the military and National Security Agency.

Lieberman also said cybersecurity continues to be a priority for Reid and the hope is to bring the Senate package to the floor for a vote before the end of the year. Grassley and Levin echoed the need for quick action on the issue.

Levin acknowledged his committee is still waiting for the Pentagon to clarify its policy on a number of cybersecurity issues such as when a cyberattack constitutes an act of war or which government agency is authorized to respond to such attacks. But he said there is agreement those issues are separate and they won't delay the debate over cybersecurity legislation.

-- This story was updated at 5:42 p.m.