Saturday, July 26, 2014

News
Cybersecurity lobbying doubled in 2012
by Chris Patterson


NEW YORK (CNNMoney) -- Cybersecurity was in the headlines practically every day last year, grabbing the attention of lawmakers -- and lobbyists.

Scary hacks and data breaches in 2012 hit companies as diverse as NBC, LinkedIn and Global Payments. Lawmakers began tussling over how to help protect companies from these attacks, and as a result, lobbying action on cybersecurity nearly doubled last year.

A total of 1,968 lobbying reports mentioned the word "cybersecurity" (or variations of the term) several times in 2012, according to a report compiled by the Center for Responsive Politics for CNNMoney. That's up from just 990 reports in 2011.

"Cybersecurity has seen such a substantial increase over the last few years, and not many other [lobbying] issues have reached that point so quickly," says Daniel Auble, a senior researcher for CRP.

Part of the reason lobbying spiked last year is that cybersecurity has proven to be a bipartisan issue, capturing the attention of a wide variety of lawmakers, says David Ransom, a partner at law firm McDermott Will & Emery who served as a policy adviser to Rep. Steny Hoyer, D-Md. The widespread concern over cybersecurity is unlike more specialized issues, including gun control and health care.

Several cybersecurity-related bills are flying around the halls of Congress, and all players want their voices heard. For example, the hot-button Cyber Intelligence Sharing and Protection Act has drawn both support and ire since being introduced in late 2011. About 270 companies and organizations have filed lobbying documents about CISPA, which would allow companies to share potentially sensitive information with the government.

The stakes are high.

"Cybersecurity affects all of our major systems: our financial services, telecom systems, even our chemical plants and dams," says Ransom. "It's not just about personal information. Every [congressional] committee, from privacy from homeland security, has a vested interest."

Congress' concern is well founded. As companies beef up security for their systems, cyberattacks become more advanced and targeted. Professional hacker groups -- including, reportedly, the Chinese government -- are using increasingly complex tools in their attacks.

Cyberattackers' ability to constantly find new tools and tricks makes legislation difficult, says Ransom, who lobbies lawmakers on cybersecurity issues on behalf of financial services and tech companies.

Still, another expert says, Congress can and should make security standards more clear.

"At the simplest level they can clarify: What is a computer crime? There's currently far too much discretion for federal law enforcement," says Peter Toren, a lawyer at Weisbrod Matteis & Copley and author of the book Intellectual Property & Computer Crimes.

Congress should also "raise the standards of what companies need to do to keep their systems secure," Toren says. "There are no clear standards as to whether or not a company is being negligent."

Lawmakers should act quickly, says Toren, who served as one of the first federal prosecutors with the Justice Department's Computer Crime Unit when it was formed in 1992.

"In the broad historical sense, people have been breaking these laws for a while," Toren says. "But the past two to three years have a different feel. These aren't claims and threats; they're sophisticated attacks that could have major repercussions for all of us."