Sony hack gives Obama political capital to push cybersecurity agenda
Edward Snowden may have doomed the prospects for cybersecurity legislation last Congress 鈥 but North Korea may revive them in this one.
After the leaks from the former National Security Agency contractor, privacy advocates staunchly opposed cybersecurity bills that share information with the government, amid fears they would increase the spy agency鈥檚 power to access and share even more private information from citizens. The information-sharing bills stalled.
Yet President Obama鈥檚 new push this week has so far been warmly received on听Capitol Hill 鈥 and on both sides of the aisle.
Obama鈥檚 proposals, one week before his State of the Union address, come after the destructive hack of Sony Pictures Entertainment, for which the government has publicly blamed and sanctioned North Korea. It鈥檚 also on the heels of a maelstrom of other high-profile data breaches last 鈥 including on Home Depot and JP Morgan Chase & Co. 鈥 and this week鈥檚 brief takeover of the US military鈥檚 Central Command social media accounts by apparent Islamic State supporters.
All told, it may be enough momentum to break the logjam and give members of Congress political cover to come together this session to support a controversial part of Obama鈥檚 cybersecurity agenda: To give companies immunity from lawsuits if they share certain information about cyber threats with the government with the Department of Homeland Security.
An information-sharing bill 鈥渉as to pass this Congress,鈥 Senate Intelligence Committee Chairman Richard Burr, a North Carolina Republican, told Passcode. 鈥淚t helps any time the president supports something.鈥
Moving a cybersecurity information-sharing bill 鈥渉as never been easy,鈥 he acknowledged, 鈥渂ut we鈥檙e committed to go extremely quickly.鈥
The Sony hack was a wake-up call on Capitol Hill, several lawmakers said. The attackers not only stole private information, they destroyed company data and computer hardware, and they听also coerced Sony into altering its plans to release "The Interview," the comedy about the assassination of the North Korean leaders. All of this may go a long way to persuade lawmakers that mandating information sharing about cybersecurity threats will ultimately help defend private companies.
鈥淚鈥檓 glad [Obama] is pushing to address cyber legislation,鈥 said Republican Sen. Kelly Ayotte of New Hampshire. 鈥淲e鈥檝e stalled in the past, and if you look at what happened with the Sony attack, I think we can鈥檛 afford to stall anymore. I think his timing is right on here鈥 . I haven鈥檛 talked to anyone in Congress who has said, 鈥楾his shouldn鈥檛 be a priority for us.鈥欌
Sen. Angus King, an independent on the Intelligence Committee, agreed. 鈥淚 think everybody realizes the urgency.鈥
Maryland Democratic Rep. Dutch Ruppersberger, who already reintroduced his version of information-sharing legislation this session, said in a statement that, 鈥淧resident Obama and I agree we can no longer afford to play political games while rogue hackers, terrorists, organized criminals and even state actors sharpen their cyber skills.鈥
However, just because 鈥渆verybody鈥檚 on board with the idea of it鈥 鈥 as Republican Sen. John McCain puts it 鈥 doesn鈥檛 mean it will be easy to make progress on this controversial and complicated issue. 鈥淚 have been to more meetings on cyber than any other issue in my time in the Senate, and gotten the least amount of result,鈥 said Senator McCain, who chairs the Armed Services Committee.
There are already divisions emerging this time around. McCain opposes the White House鈥檚 proposal to route cyberthreat information through the Department of Homeland Security. He said the National Security Agency should take that role. 鈥淚鈥檓 glad to see a proposal of theirs, for a change, and we鈥檒l be glad to work on it 鈥 just not rubber stamp it,鈥 said McCain.
On the other side of the spectrum, some privacy advocates are unhappy that Obama鈥檚 proposal 鈥 which essentially rehashes bills maligned by privacy groups since 2011听鈥撎齱ould enable DHS to share the data it receives on threats with other relevant federal agencies.
鈥淲e鈥檙e going to be pushing to kill the bill, probably,鈥 said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation, in part because it still does not appear to offer a mandatory requirement companies remove personal information before sharing it, and because the data will ultimately end up in the hands of the NSA.
鈥淲hile its always good for the White House to talk about consumer privacy and user privacy, the most important privacy item is NSA reform,鈥 Mr. Jaycox said.
That said, members appear to have an eye on compromise.
One of the most divisive issues has been which agency will collect the threat information 鈥 and Senate Homeland Security and Governmental Affairs Chairman Ron Johnson says he is inclined to support using DHS as the main repository.
鈥淏ecause of the sensitivity of the Edward Snowden public perception, and the concern about civil liberties, the civilian agency of government might be the best place to have as a center point,鈥 Senator Johnson, a Wisconsin Republican, told Passcode.
Burr, the Intel chair, also hinted at the possibility of compromise. 鈥淚 think we鈥檒l do this in a way that can assure passage 鈥 because the nation needs it.鈥
Johnson says the urgency for cybersecurity legislation after the Sony hack might sway some of his Republican colleagues to move away from focusing on the NSA听鈥 as well as people on the left, too.听
鈥淚t鈥檚 not just the federal government that can threaten our civil liberties," said Johnson. If attacks such as the Sony hack continue, he said, "take a look at how much at risk our freedoms will be at that point.鈥
Sony may help overcome the post-Snowden 鈥渇ear factor鈥 about sharing information with the government, said Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, which has grown by 11 members just this session.
Cybersecurity legislation stalled because Snowden 鈥渃reated this belief that there was this massive government overreach on the capabilities of the information that was being collected at NSA,鈥 said Representative听Langevin, a听Rhode Island Democrat, in an interview last week. 鈥淚t didn鈥檛 have really anything to do with what we鈥檙e talking about in terms of sharing classified threat signatures.鈥
But now, he said, 鈥淧eople are becoming attuned to the fact that a country or a hacker could really go after one of the nation鈥檚 major corporations as they did against Sony, and cost them potentially hundreds of millions of dollars in damage.鈥 And that, said听Langevin, "was an eye opener.鈥
听
