Defense, intell heavyweights urge Senate action on cyber bills

Saying that the window of opportunity to pass critical legislation during this Congress is quickly disappearing, seven former Pentagon, Homeland Security and intelligence officials have written the Senate’s Democratic and Republican leaders urging them to bring cybersecurity legislation to the floor as soon as possible.

“We have spoken a number of times in recent months on the cyber threat — that it is imminent and that it represents one of the most serious challenges to our national security since the onset of the nuclear age sixty years ago,” they wrote. “It appears that this message has been received by many in Congress — and yet we still await conclusive legislative action.”

Related coverage:

Bipartisan cyber bill now the center of partisan turf war

The June 6 letter was sent to Senate Majority Leader Harry Reid and Minority Leader Mitch McConnell. It was signed by:

Michael Chertoff, former Homeland Security secretary

Mike McConnell, former director of the National Security Agency and National Intelligence

Paul Wolfowitz, former deputy defense secretary

Gen. Michael Hayden, former director of the NSA and the CIA

Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff

William Lynn III, former deputy defense secretary

There are a variety of competing bills pending before Senate committees, focusing on different areas of cybersecurity.

Comprehensive bipartisan legislation introduced by Sen. Joseph Lieberman (I-Conn.) would enable the Homeland Security Department to establish minimum security requirements for the nation’s private-sector critical infrastructure, as well as oversee government cybersecurity. A number of competing bills have been introduced by Republicans that would focus narrowly on enabling voluntary information sharing between private sector and government, and would give the National Security Agency a larger role in cybersecurity.

The letter does not specify bills being supported but urged the Senate to keep the ball rolling by following up on actions taken in the House, which in April passed the controversial Cyber Intelligence Sharing and Protection Act despite White House threats of a veto.

The authors said it is essential to ensure protection of our critical infrastructure to effectively protect our national and economic security from the growing cyber threat, and said that “performance standards in some cases will be necessary.” They said that the standards should be technology-neutral and risk and outcome based.

“We will not advocate one approach over another,” they wrote. “However, we do feel strongly that critical infrastructure protection needs to be addressed in any [cybersecurity] legislation.” The letter added that “any legislation passed by Congress should allow the public and private sectors to harness the capabilities of the [National Security Agency] to protect our critical infrastructure from malicious actors.”