These remarks come one day after a bill had been reintroduced on Wednesday that gives companies legal protection from sharing cyber threat information with one another and the government.
Rogers and the committee’s lead Democrat, C.A. “Dutch” Ruppersberger of Maryland, drove the bill’s reintroduction after it fell short last year.
In 2012, the bill, named Rogers-Ruppersberger, had been passed by the House and not in the Senate after President Barack Obama’s administration had threatened to veto it on the grounds it didn’t include enough to either increase cyber defenses and or protect the privacy of consumer data.
The American Civil Liberties Union and other digital-rights groups have been critical of the bill, alleging it enables companies to share sensitive personal information with the government such as military agencies. Rogers has disputed this by saying the bill has “strong restrictions and safeguards” for privacy protection.
This week, Obama had issued an executive order which includes some language from the failed Senate version. It asks for the government to create voluntary cyber standards for those companies operating key assets including power grids and railway systems. It also told U.S. agencies to communicate threat information with the industry.
Rogers and Ruppersberger have said they’re discussing their bill with Obama’s administration which could fill some holes found in the president’s order.
Rodgers said in Thursday’s hearing that China’s cyber espionage efforts directed toward U.S. industrial secrets “has grown exponentially both in terms of its volume and damage it’s doing to our economic future” and that “We have no practical deterrents in place today,” reported Bloomberg.
The heightened attention and sensitivity to cybersecurity comes after the recent security breaches of the U.S. Federal Reserve website, invasions by Chinese hackers of the New York Times, The Wall Street Journal and other news organizations and the attacks on U.S. banks websites.
Kevin Mandia, chief executive officer of Mandiant Corp., an Alexandria, Virginia-based threat detection company said at Thursday’s hearing via Bloomberg, “It is reasonable to assume that, if an advanced attacker targets your company, a breach is inevitable,”
“That surprises many people, but it is the undeniable truth, and a direct result of the gap between our ability to defend ourselves and our adversaries’ ability to circumvent those defenses.”
Maniant Corp. did review the New Yorks Times and Washington Post intrusions.
Rogers added in response to the attacks on the banks’ websites that from talks with the private sector, “I heard nothing to dissuade me from the conclusion that the Iranian government is behind these attacks. You begin to see a pattern of steady, asymmetric, and often lethal Iranian attacks on the United States and our interests.”