Obama Veto Decision on CISPA Remains, Says White House Cybersecurity Coordinator
The Obama administration is hopeful that “cooler heads” will prevail to pass a White House-backed Senate cybersecurity bill as lawmakers see “the national security implications” of some provisions of the measure. The “small regulatory regime” for core critical infrastructure that’s contained in the Cybersecurity Act (S-2105) is “very narrowly crafted” and built on “best practices” for corporations, many of which are already implementing them for “their own business purposes,” said Howard Schmidt, White House cybersecurity coordinator. “We don’t see that being asking too much of anybody,” he said in an interview on the C-SPAN program The Communicators scheduled to air Saturday.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Despite last-minute amendments, the House-passed Cyber Intelligence Sharing and Protection Act (CISPA) still doesn’t meet the White House threshold for “privacy for American citizens, corporate liability … and protecting core critical infrastructure,” he said. So the veto threat remains. S-2105 regulations are aimed at core critical infrastructure, “not everything out there,” Schmidt said. Companies “absolutely” have a responsibility to report attacks to the federal government, he said. It isn’t just enough to hope that “you are doing the right thing and if something happens you may or may not tell us,” he said. “We need a higher level of assurance than that.”
S-2105 is sponsored by Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., Ranking Member Susan Collins, R-Maine, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif. What’s proposed in the bill doesn’t “create some new regulatory regime where now you have to do 15 reports to 15 different government agencies,” Schmidt said. “If you already have a responsibility to report we just need to make sure that the [Department of Homeland Security] has the visibility into that so that they have a level of assurance that you are doing what you need to do."
Asked if the White House would support adoption of three other cybersecurity bills passed along with CISPA last month (CD April 30 p8) or insist on a comprehensive package to the Senate bill, Schmidt said a “piecemeal” approach is “going part way and we can’t afford as a country to [go] part way.” Besides CISPA, the House passed the Federal Information Security Amendments Act (HR-4257), the Cybersecurity Enhancement Act(HR-2096), and the Advancing America’s Networking and Information Technology Research and Development Act (HR-3834).