As the House prepares to vote next week on landmark legislation to protect the nation's computer systems, Republicans have stripped a key provision from a bill designed to secure the power grid and other critical infrastructure from being hacked.
A major piece of the PRECISE Act, which unanimously passed a House subcommittee on Feb. 1, sought to protect vital networks by allowing the Department of Homeland Security to help create cybersecurity standards that companies must meet.
But during a hearing on Wednesday, House Republicans offered an amended version of the bill that removed provisions enforcing cybersecurity standards. Rep. Dan Lungren (R-Calif.), who introduced the legislation, said he had to make the changes to gain political support.
"There was a requirement to reassess our bill as to whether or not it was too ambitious to be able to pass the floor," Lungren said at the hearing.
The question of whether DHS should be given power to enforce cybersecurity standards at private companies -- which own and operate 85 percent of critical infrastructure -- has become a major sticking point for cybersecurity legislation.
Many Republicans and business lobbyists, including the U.S. Chamber of Commerce, oppose legislation with regulations, claiming they would harm companies, while many Democrats say DHS enforcement is the only way to properly address cyber vulnerabilities within critical infrastructure.
Experts say leaving vital sectors of the economy unprotected from hackers could lead to the collapse of the banking system, sustained blackouts or even mass casualties.
"I remain convinced that we will not have adequate cybersecurity without minimum standards for the nation’s critical infrastructure, such as the electric grid, upon which we most rely," Rep. Jim Langevin (D-R.I.), who is co-chairman of the House Cybersecurity Caucus, said in a statement.
"House Republican leadership appears determined to approach this vital national security challenge like every other issue: in an extremely partisan way that impedes progress, in this case siding with those in critical industries who are neglecting public safety," Langevin added.
Thus far, more than 40 cybersecurity bills have been unveiled on Capitol Hill, emerging from a wide range of committees. The flurry of legislation reflects a growing sense of urgency in Congress after numerous revelations over the past year that hackers have infiltrated the networks of major corporations to steal corporate secrets or leak sensitive customer data.
Experts are particularly concerned about the potential for hackers to target critical infrastructure, such as the power grid. There have been nearly 50 reports of "attempted or successful cyber intrusions of critical infrastructure control systems" since President Barack Obama asked Congress to pass cybersecurity legislation during his State of the Union speech in late January, according to White House spokeswoman Caitlin Hayden.
Earlier this week, a team of senior officials from the Obama administration, including DHS Secretary Janet Napolitano, FBI Director Robert Mueller and NSA Chief General Keith Alexander, held a classified briefing for House lawmakers to explain the cyber threat facing critical infrastructure.
The briefing "was intended to provide all House Members with an appreciation for the cyber threat facing the nation as they consider new legislative authorities that could help the U.S. Government prevent and more quickly respond to cyber intrusions and attacks," Hayden said in a statement.
The PRECISE Act will need to be reconciled with two competing bills in the Senate that differ over whether DHS should be given power to enforce cybersecurity standards at private companies.
It will also need to be reconciled with another bill, The Cyber Intelligence Sharing and Protection Act, or CISPA, which seeks to give businesses and the federal government legal protection to share cyber threats with each other in an effort to thwart hackers. But the legislation, co-sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), has been criticized by civil liberties groups who say it does not protect consumers from having their private data shared with the government.
CISPA also has been criticized by the White House for not enforcing cybersecurity standards on critical infrastructure.
Obama favors legislation that includes "risk-based performance standards to ensure the nation’s most vital of critical infrastructure systems meet a baseline level of security," Hayden said. Last May, the White House unveiled its cybersecurity proposal, which is similar to a Senate bill sponsored by Sen. Joe Lieberman (I-Conn).
"The nation’s critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone," Hayden said.
The House is expected to vote on CISPA next week, marking the first time that comprehensive cybersecurity legislation has ever reached the floor of Congress for a vote. The timeline for votes on other cybersecurity bills remains uncertain.