Oct. 27 (Bloomberg) -- Congress should pass cybersecurity legislation designed to boost protections for financial networks, transportation systems and power grids, the head of the Homeland Security Department said.
An Obama administration proposal issued in May designed to protect critical infrastructure from hacker attacks “strikes the right balance” between the roles of government and private sector, Secretary Janet Napolitano said today in Washington.
“Attacks in the cyber world are increasing in frequency and complexity and in consequence,” Napolitano said at an event sponsored by the Washington Post. There is “bipartisan recognition” on the need for Congress to take action, she said.
The Obama administration’s proposal would require companies to report data breaches based on a national standard, toughen penalties for computer crimes and direct the Homeland Security Department to work with banks, utilities and factory owners to develop cybersecurity plans.
A task force of 12 House Republicans led by Representative William “Mac” Thornberry of Texas this month also made recommendations on infrastructure protection, emphasizing voluntary industry standards, incentives and limited regulation.
A series of data breaches at companies including Sony Corp. and Citigroup Inc. have drawn attention to the tactics of hackers who break into corporate systems. Sony has said it expects to incur 14 billion yen ($184.3 million) in costs related to an April attack on its entertainment networks that exposed more than 100 million customer accounts.
Chemical, Power Plants
Homeland Security officials have pointed to the potentially catastrophic effect of such an attack on important facilities such as a chemical or power plant. The majority of such sites are owned or operated by the private sector.
Senators from both parties last week stressed the need for “urgent legislative action” on cybersecurity at a briefing convened by the White House last week, Napolitano said.
Napolitano expressed optimism that Congress would take action this session, and said disagreements have come down to the question of government mandates versus industry incentives to boost cybersecurity defenses.
Thornberry, who also spoke at the event, supported an “incremental” approach to cybersecurity legislation and said Congress has a role to play in fostering information-sharing on cyberthreats between companies and government.
The Republican task force led by Thornberry recommended the creation of an organization outside government to act as a clearinghouse of information on cyber attacks to let U.S. agencies and companies that operate the nation’s critical infrastructure share real-time data.
Napolitano said Homeland Security is authorized to hire as many as 1,000 additional cybersecurity personnel.
--Editors: Steve Walsh, Michael Shepard
To contact the reporter on this story: Eric Engleman in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Michael Shepard at email@example.com