From: American Banker
by Victoria Finkle
WASHINGTON — The threat of cyberattack is an increasingly hot topic in Washington, but political interest alone appears unlikely to provide enough momentum to get cybersecurity legislation supported by banks passed this year.
The issue continues to gain widespread attention in the wake of numerous attacks on banks and other companies in recent years, with some, including former Defense Secretary Leon Panetta, warning about the prospect of a future “cyber-Pearl Harbor” that could cause widespread damage to financial networks, the power grid or other key sites.
But a debate over how much information private companies should share with the government has divided lawmakers and complicated the push for a bill.
“At this stage, despite all of the noise that we’re hearing about the threat, I haven’t seen the will on the Republican or Democratic side to come to a compromise on some of these issues,” said Nathan Taylor, an attorney at Morrison Foerster. “That decreases the likelihood of something passing Congress and getting to the president’s desk unless it is really narrowly targeted on areas that are really noncontroversial.”
The White House issued an executive order in February that expanded some information sharing provisions and directed the construction of a national cybersecurity framework, but observers have said the effort is not a substitute for legislation.
Cyber experts say that increased information sharing is critical to helping head off future attacks, while privacy advocates warn that making the provisions too lenient could erode consumer protections and individual rights.
For their part, banks are already highly involved in sharing information with their regulators and the industry, but remain hopeful that a formal measure could benefit the economy as a whole.
“The info sharing piece is obviously very important to financial services companies,” said Doug Johnson, vice president of risk management policy at the American Bankers Association. “It’s not just about information sharing in our sector, which we already do quite well, but trying to ensure that companies outside of our sector and the government really understand what the processes are associated with this, and what kinds of liability protections and civil liberty protections are needed.”
Despite increasing interest on the issue from lawmakers and the private sector, however, it’s unclear whether there’s a viable vehicle in Congress for passing any information sharing provisions after the Senate twice failed last year to pass comprehensive cybersecurity legislation. Beyond the debate over privacy concerns, lawmakers also need to address disagreements over which government agency should head up information sharing efforts and possibly coordinate across multiple committees with jurisdiction on some of these issues.
Efforts this year have fallen short so far. The Cyber Intelligence Sharing and Protection Act, which passed the House in April, was considered dead-on-arrival in the Senate, largely because of concerns among Democrats and the White House that it didn’t do enough to protect privacy.
Sen. Dianne Feinstein, D-Calif., chairman of the Senate Intelligence Committee, said last month that her panel is drafting its own bipartisan legislation, but the bill hasn’t been introduced yet. A spokesman declined to comment further on the legislative effort.
Other lawmakers, including some in the House, are also said to be possibly renewing their work on the issue, despite CISPA’s failure.
“I am confident we are not going to see a bill passed this year called CISPA,” said Gerald Ferguson, a partner at Baker Hostetler. “CISPA has become such a lightning rod for criticism from civil liberties groups. The White House and Senate want to do all they can to distance themselves from it. But it’s a different question as to whether they can pass an information-sharing bill, and I think there’s a good prospect at that.”