Sen. Joseph Lieberman, I-Conn., is confident the Senate will consider his controversial cybersecurity bill within the next month. Whether he has garnered enough support among divided lawmakers is another issue.
“I’m as confident as I can be that this will come up no later than July,” Lieberman told reporters at one of two cyber briefings by the Department of Homeland Security on Wednesday. Lieberman echoed intentions by Senate Majority Leader Harry Reid, D-Nev., to bring cyber legislation to the Senate floor as soon as possible.
The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), HR 3523, in April, but Lieberman said his bill is the better bill. In a statement Wednesday he urged the Senate to pass the bill and iron out differences with the House.
Under Lieberman’s 2012 Cybersecurity Act, certain companies operating the nation’s electric grid, water supply and other critical systems would have to meet cybersecurity standards approved and enforced by DHS and share with the government all instances when they come under cyber attack.
But Congress is at odds about DHS regulating the security of some privately owned networks and whether the department is capable of taking on that role. The briefing on Capitol Hill was one of several that Lieberman hopes will change people’s perception of DHS and highlight its cyber defense capabilities.
“I want people to be confident that the folks at the department can handle it,” he said.
Mark Weatherford, DHS’ deputy under secretary for cybersecurity, said the department has the capacity and cybersecurity expertise in-house as well as partnerships with the Defense Department and National Security Agency. He also refuted claims that DHS’ latest intrusion detection system, Einstein 3, may not be made available to agencies. DHS is considering how to deploy the system, he said.
Officials from DHS’ United States Computer Emergency Readiness Team demonstrated how easily hackers can gain control of a person’s computer through spear phishing — targeted emails crafted to convince an individual to divulge information or open malicious files.
The officials simulated how hackers might gather personal information from social networking sites to design a seemingly credible email. They planted malicious code in an email attachment using an open software tool called BackTrack5. By opening the corrupted file, victims can give attackers complete access to their computer, web camera, documents and other data.
The tool was created for security testing purposes but can also be used to launch intentional attacks.
Spear phishing is the most common form of cyber attack used against personal computers and critical cyber infrastructure, Lieberman said. He added that his bill would raise the defenses against these types of attacks through information sharing and security requirements. For example, the bill would likely require companies to create more complex passwords.
“Some just have the word password,” he said.