Huffpost Technology
Gerry Smith Headshot

New Cybersecurity Bill Still Leaves Country Vulnerable To Attack, Experts Say

Posted: Updated:
Sen. Jay Rockefeller (D-W.Va.) has co-sponsored the revised cyber-security bill.
Sen. Jay Rockefeller (D-W.Va.) has co-sponsored the revised cyber-security bill.

A Senate cybersecurity bill introduced last week removes a key provision from earlier legislation that would require companies to protect their computer systems, an omission that still leaves the nation at risk of a cyber attack, experts warn.

On Thursday, a group of five senators re-introduced the cybersecurity legislation. An earlier version of the bill required companies who run the power grid, gas pipelines, water supply systems and other critical infrastructure to meet a certain level of security or face penalties.

But Republicans opposed the initial bill, claiming it was unfair for the government to force companies to make costly security improvements. So the bill's sponsors said they compromised. The new version of the bill says companies can volunteer to have their security practices inspected by the government and can recommend their own security improvements, which would be voluntary.

The Senate is expected to consider the bill later this week.

But experts say the compromise means the bill does little to protect the nation from hackers. Without the government enforcing cybersecurity, companies are unlikely to strengthen their networks on their own, they say.

The new bill "basically depends on the industry to make a good faith effort to improve security, and up until now they haven't done anything," said Joe Weiss, a security expert on critical infrastructure. "The question is, 'Why would you expect all of a sudden for that to change?'"

James Lewis, a senior fellow at the Center for Strategic and International Studies, said, "The problem is the bill doesn’t give the government any new capabilities. You don’t need this bill. Nothing really changes."

The bill's sponsors -- who said they removed regulations from the legislation to get Republican support -- expressed their preference for the previous bill, but emphasized that they believe the newest version would still be effective.

"This compromise will significantly strengthen the cybersecurity of the nation's most critical infrastructure and with it our national and economic security," Sen. Joe Lieberman (I-Conn.) said in a statement after the revised bill was introduced.

On Thursday, President Barack Obama pushed for the bill's passage in an op-ed in the Wall Street Journal. He said the bill was needed because hackers "are probing our financial, energy and public safety systems every day."

For months, the Obama administration has been pushing for new authority to enforce security standards in critical infrastructure. In March, Gen. Keith Alexander, head of the National Security Agency, told Congress the government needed that authority because critical infrastructure operators weren't taking even basic security steps, like updating software.

Many experts believe the nation's vital computer networks are vulnerable to an attack that could lead to the collapse of the banking system, sustained blackouts or even mass casualties. Some have made comparisons to the lack of airport security before the Sept. 11 attacks.

The threat appears to be growing. Last year, hackers broke into computer systems running critical infrastructure nearly 200 times, compared with 41 times the year before, according to a report last month from the U.S. Industrial Control System Cyber Emergency Response Team.

Earlier this year, House Republicans also removed language from a cybersecurity bill that would have forced companies to meet baseline security standards. That bill passed in April.

Lewis, of the Center for Strategic and International Studies, said Senate Democrats likely acceded to Republicans' demands because time was running out during an election year.

"They wrote the bill that was going to get the votes," Lewis said. "And in doing that they left out the most important part."

Around the Web

Obama Gives Thumbs-Up to New Cybersecurity Bill

Senators Unveil Revamped, Obama-Backed Cyber-Security Bill ...

Lieberman Revises Cybersecurity Bill Seeking Senate Support ...

President Obama's Favored Cybersecurity Bill Wont Protect U.S. ...

This Week in Tech: Senators push for cybersecurity as time runs out

AREVA and Northrop Grumman Announce Plans to Provide Cybersecurity ...

State warns businesses of cyber security threats

 
  Obama Romney
Obama Romney
332 206
Obama leading
Obama won
Romney leading
Romney won
Popular Vote
33 out of 100 seats are up for election. 51 are needed for a majority.
Democrat leading
Democrat won
Holdover
Republican leading
Republican won
Democrats* Republicans
Current Senate 53 47
Seats gained or lost +2 -2
New Total 55 45
* Includes two independent senators expected to caucus with the Democrats: Angus King (Maine) and Sen. Bernie Sanders (Vt.).
All 435 seats are up for election. 218 are needed for a majority.
Democrat leading
Democrat won
Republican leading
Republican won
Democrats Republicans
Seats won 201 234
Click for Full Results
From Our Partners