A cybersecurity bill under consideration by Congress tries deal with private industry concerns, but its 'loopholes' would leave America open to cyberattack, experts said Thursday.
Mark J. Terrill/AP/File
A bid to make new cybersecurity legislation more palatable to private industry runs the risk of opening large loopholes that hackers, terrorists, and enemy nations could exploit, computer-security experts told Congress Thursday.
The Cybersecurity Act of 2012 is almost finished, and Obama administration officials say it is urgently needed to defend porous computer networks that control key American industries from attacks that could cause mass casualties and hammer the economy.
But the bill would require federal oversight of some "critical infrastructure" – mostly controlled by private industry – and seven Republican senators are balking, saying the bill has not had enough review.
The bill’s difficult balancing act is in making sure that the 85 percent of the nation's "critical infrastructure" that is controlled by private companies is really secure without unduly interfering with private industry.
The need for some plan of action has been highlighted by reports of intrusions into systems controlling the US power grid, water systems, and US oil company networks by hackers. None are now subject to federal oversight to ensure they have adequately secure cyber networks.