Intelligence leaders called for a more secure “legal foundation” for cybersecurity on Tuesday, as the Senate began final deliberations on major cyber legislation.
In remarks made at The George Washington University, neither CIA Director John Brennan nor National Security Agency (NSA) Director, Navy Adm. Michael Rogers, explicitly mentioned the Senate bill — called the Cybersecurity Information Sharing Act (CISA) — but both indicated that general rules along its lines were essential for them to protect the nation.
{mosads}“Congress over the past few years have tried, so far without success, to pass laws addressing the need for comprehensive cyber policy, especially on information sharing between the public and private sectors,” Brennan said. “Such an approach is essential if our nation is to better defend itself against foreign cyber threats.”
“Just as intelligence tradecraft must keep pace with technology if we in the intelligence community are to meet our global mission, so too must the laws that cover how we carry out our work,” he added.
In fact, the theft of documents from Brennan’s own personal AOL email account underscore “just how vulnerable people are to those who want to cause harm,” the CIA head said.
Rogers, meanwhile — who also serves as the head of the U.S. military’s Cyber Command — offered a more general warning about the state of the globe’s digital risks.
“Cyber is the great equalizer,” he said. “It doesn’t take billions of dollars of investment, it doesn’t take tens of thousands of people and it doesn’t take a decade of specialized effort.
“Cyber offers nation-states, groups [and] individuals the opportunity to achieve particularly significant effects with limited expertise and limited investment,” Rogers warned. “That’s just a bad side of the equation for us to be on.”
The comments were delivered as Senate lawmakers squared off for the last few hours of debate before the likely overwhelming passage of CISA later on Tuesday afternoon.
The bill — which has received vigorous opposition from privacy advocates — would encourage companies to share information about possible cyber vulnerabilities, with the goal of eliminating any blind spots on government or corporate networks. Critics of the effort, including some major tech companies, warn that the legislation is merely a surveillance bill in disguise, and would sweep people’s information into the hands of the NSA and other government agencies.
Tuesday’s likely passage of CISA comes after years of effort in the Senate, and months after the House passed similar legislation.
The White House has supported the Senate bill, calling it “one piece of a larger suite of legislation” needed to protect the nation’s digital data.
“I’m confident in our ability to respond to crises,” Rogers said on Tuesday, speaking about general cyber risks. “It’s how do we get ahead of this problem set so this never occurs in the first place.”