Democratic Congressman Blames Senate, White House for Target Corp. Cybertheft
Posted at 4:47 p.m. on July 15, 2014
Rogers, right, and Ruppersberger hold a March 25 news conference. (Bill Clark/CQ Roll Call)
Updated 8:52 p.m. Rep. C.A. Dutch Ruppersberger, the top Democrat on the Intelligence Committee, took aim at his own party’s leaders Tuesday, saying that if the White House hadn’t opposed the House-passed cybersecurity information sharing bill, and if the Democrat-controlled Senate had acted on it, then Target Corp. might not have suffered the cyber-breach last year where hackers stole data on as many as 40 million credit and debit cards.
“It’s really frustrating for us to work so hard and get a bill passed on House of Representatives,” the Maryland congressman said, only for it to go “to the Senate and unfortunately the White House was not in favor of our bill and yet we still got over 300 votes.”
“Look at Target as an example,” he said. “That’s on you, White House, and that’s on you Senate. If we passed that bill, we could’ve shared the information with Target and given them the information necessary to at least protect themselves.”
[Update: A senior administration official says “We have seen no indication that information sharing legislation would have had any impact on the Target breach.”]
Ruppersberger and House Intelligence Chairman Mike Rogers, R-Mich., did praise the Senate Intelligence Committee for voting in favor of a cybersecurity information sharing bill, 12-3, last week. The pair made their remarks during a discussion about a new report on cyber-threats to the electricity grid, released Tuesday by the Center for the Study on the Presidency and Congress. Among the report’s recommendations is passage of a cybersecurity information sharing bill.
The Obama administration and civil liberties groups have criticized the House-passed bill, widely referred to by its acronym CISPA, for insufficiently protecting privacy. The legislation offers protection against lawsuits for companies that share threat data with the government, and seeks to expand the private sector’s access to government threat information. It is supported by industry.
Both backers and opponents acknowledge that fugitive intelligence contractor Edward Snowden’s revelations of bulk collection programs by the National Security Agency have slowed momentum on cybersecurity information sharing legislation.
Rogers said there are only “small differences” to be worked out between the House and Senate bills, although he refused to describe them. “Our thing is, we want to support them getting a bill on the floor and into conference committee so we can get a meaningful package that starts dealing with this problem,” he said.
Tom Ridge, the former Department of Homeland Security Secretary and current National Security Task Force chairman for the U.S. Chamber of Commerce, co-chaired the Center’s report. He said neither party was particularly to blame, but rather a mind set.
“The sense of urgency seems to be missing on some issues. You’re elected to solve problems,” he said, naming the cyber-threat as one of the biggest. “We’re still sitting around talking about it. I really think that information sharing is a very, very significant first step.”
In a written statement, White House spokeswoman Laura Lucas Magnuson said:
Cybersecurity information sharing – with appropriate privacy protections – occurs today under existing laws and is used by sophisticated government and private sector entities to protect their networks. The Administration has consistently worked with Congress and other stakeholders, building upon the release of our legislative proposal in May 2011, to pass legislation that further expands the scale of current cybersecurity information sharing while carefully balancing privacy and liability protections. The Administration also recognizes that information sharing legislation is not a silver bullet that could prevent all serious cybersecurity incidents, but a piece of broader legislative changes and operational efforts essential to protect individuals’ privacy and improve the nation’s cybersecurity.