Senator: Congress needs to pass cybersecurity bill now

Lawmakers should act before there's a catastrophic attack on the U.S., Susan Collins says

The U.S. Congress needs to pass cybersecurity legislation creating voluntary standards for businesses operating critical infrastructure before the country is the victim of a major cyberattack, one lawmaker said.

A major attack is coming, said Senator Susan Collins, a Maine Republican and cosponsor of a wide-ranging cybersecurity bill stalled in the Senate.

"We know it's only a matter of when, not whether, we have a catastrophic attack," she said at a Woodrow Wilson Center debate about cybersecurity. "My hope is this isn't a case where Congress does nothing until there is a catastrophic attack on our critical infrastructure and then, inevitably, we will overreact and that will make [civil liberties groups] very uncomfortable."

One major problem with cybersecurity efforts in the U.S. is that businesses being attacked often don't have a complete picture of the threats, said General Keith Alexander, commander of U.S. Cyber Command and director of the U.S. National Security Agency. Government agencies and businesses need better incentives to share information with each other, he said.

"The people who run the networks understand what's happening on their networks, given the information they have," Alexander said. "The problem is they don't have all the information. Government has some, they have some, academia has some, and we're not sharing."

Alexander has voiced support for the Cybersecurity Act, the legislation introduced by Collins and three other senators earlier this year. The bill would create voluntary cybersecurity standards for U.S. businesses and would set up mechanisms for the government to share cyberthreat information with businesses and for businesses to share it with each other.

The nature of cyberattacks is changing, from simple intrusions to disruptive attacks, Alexander said. At some point, attackers may seek to destroy networks or infrastructure such as the electrical grid or stock markets, he said.

While Collins and Alexander called for new cybersecurity measures, Anthony Romero, executive director of the American Civil Liberties Union (ACLU), urged lawmakers to take a thoughtful approach. Government efforts in the area need strong oversight, and some recent proposals in Congress would put the NSA or U.S. Department of Defense in charge of most government cybersecurity programs, he said.

Programs at the NSA or DOD would have little transparency to the public, Romero said.

Romero said he's concerned that the fight against cyberattacks will become similar to the country's decade-old fight against terrorism. "In the name of fighting terrorism, we tortured, we abrogated due process for certain detainees, we opened a military camp in Guantanamo that's still open to this day," he said. "In the name of national security and cybersecurity, we could easily go too far as well."

The Cybersecurity Act had several civil liberties protections, Collins said. Civil liberties concerns are a good reason for Congress to act now, not after a major attack, she said.

In addition to destructive attacks, cybercriminals are stealing U.S. intellectual property, she said. "It is our economic edge, our intellectual property, our R&D, that's being stolen," she said. "It costs billions of dollars and millions of jobs to our country."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is
