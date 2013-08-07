By Alina Selyukh
| NEW YORK
NEW YORK Aug 7 Weeks of revelations about
secret U.S. surveillance programs could stymie progress on
negotiations over new laws and regulations meant to beef up the
country's defenses against the growing threat of cyber attacks,
cyber security experts say.
Current and former cybersecurity officials say they worry
the ongoing disclosures about secret National Security Agency
spying programs by former NSA contractor Edward Snowden could
trigger hasty or rash actions by Congress or the private sector,
hampering efforts to enact an effective cyber policy.
The Obama administration, lawmakers and the private sector
in recent years have been negotiating how the government and
industry should partner to protect critical infrastructure like
power plants against a growing threat of cyber attacks.
Despite the emerging consensus that U.S. cyber defenses must
be improved, the conversation has sputtered amid disagreements
about liability and privacy protections, the creation of new
industry standards and other critical elements.
Now, cybersecurity leaders say the leaked details of the
vast scope of NSA's online data gathering may hamper efforts to
draft cyber policies, such as greater information-sharing
between government and industry.
"It's opened up a big can of worms about what the
government's role is, which is already a big open question in
cyberspace," said Bruce McConnell, the Department of Homeland
Security's Acting Deputy Undersecretary for Cybersecurity. "I
don't think this is going to be helpful in making Congress, who
tends to be risk-averse, forge new policy agreements."
"The Snowden revelations have made the Congress more
uncomfortable with providing clear authorities to the
government," McConnell told Reuters on the sidelines of the
SINET Innovation Summit in New York on Tuesday.
The House of Representatives made the first legislative
challenge to NSA's data gathering in July through an amendment
to the defense appropriations bill.
The proposal, opposed by the White House and the
intelligence community, failed by a narrow 12-vote margin. In
private conversations, government officials said they hope
Congress does not "let a good crisis go to waste." Instead, they
want to use the heightened public attention to cyber operations
to spur a constructive conversation about better cybersecurity.
"It is sensitizing people to ask the question, 'what is the
role of government?' It's forcing that dialogue to happen,"
Douglas Maughan, who runs the cybersecurity division at the
Department of Homeland Security's Science and Technology
Directorate, told Reuters at SINET.
The House recently passed a bill that would increase the
sharing of cyber threat information between the private sector
and the government. But in a repeat of last year's failed
attempt to pass such a law, the White House has threatened to
veto the bill over privacy concerns. The Senate has yet to
introduce its version of an information-sharing bill.
Both Maughan and McConnell, who is leaving DHS for the
EastWest Institute, a think tank focused on conflict resolution,
said Snowden's revelations have so far not hurt the department's
cybersecurity partnerships with the private sector. But they
expressed worries about what Congress might do next.
"That's the concern, that people are going to have a
knee-jerk reaction and try to rush a legislative remedy,"
Maughan said.
Mark Weatherford, who preceded McConnell at the DHS before
joining the Chertoff Group consulting firm this year, said the
lack of major NSA-related legislative proposals shows
appreciation of the value of digital intelligence gathering,
which officials say has helped thwart numerous terrorist plots.
But he agreed that public concerns over the scope of
government surveillance online convolute policy progress.
"We are in a more complicated debate now," Weatherford said.
"It's going to take a couple of years to recover from the
perception that the government is overreaching."
Some private sector cybersecurity executives also concede
that trust in government's handling of private data has suffered
from Snowden revelations. They echoed concerns about an erosion
of trust expressed by prominent hackers and cyber experts at two
major security conventions in recent weeks.
"All the policies are stepped backwards," SINET founder
Robert Rodriguez told Reuters. "You've got to build the trust
again."
(Reporting by Alina Selyukh, editing by Ros Krasny and David
Gregorio)