The Complex

Hagel would continue admin's push for cybersecurity legislation

If he becomes the next secretary of defense, former Nebraska Senator Chuck Hagel will continue the Pentagon's push for legislation that establishes cybersecurity standards for banks, utilities, energy firms, defense contractors, communications and transportation companies, an Obama administration official told Killer Apps.

The official, who is involved in supporting the nomination, said Hagel will take "the approach that was outlined" in the Obama-backed Cybersecurity Act of 2012, which repeatedly failed to advance in the Senate last year amid concerns by the business lobby that it would impose too much of a regulatory burden.

That bill -- cosponsored by former independent Connecticut Senator Joe Lieberman and Sen. Susan Collins (R-ME) -- would have required so-called critical infrastructure companies to meet minimal IT security standards. Those standards would have been established by the government but largely enforced by private industry.

The bill also allowed rapid information sharing between businesses and the government.  And it restricted the types of information that could be collected on private citizens, while protecting businesses working with the government from lawsuits claiming they had inappropriately shared such information.

Hagel's supporters in the administration hope that his experience helping to found and run Vanguard Cellular in the 1980s, along with his Republican credentials, will help allay the business community's fears that cybersecurity legislation will simply laden them with burdensome regulations.

"He's a classic conservative and he's generally opposed to regulation unless there's a very good reason for it," said the official. "Because he has that private sector credibility, when he talks about cyber legislation and the need for an approach where the government and the private sector work together to come up with baseline standards for cybersecurity, he's going to have a lot more credibility doing it because they know philosophically where he's coming from. He's not pro regulation."

Hagel would likely back an approach to develop minimal standards "jointly with the private sector and the government to come up with something that is agreeable to both, probably even doing it on a voluntary basis where a company's willingness to sign up to those standards will be linked to some type of perk or benefit," said the official. While "it's hard to say" exactly what those perks would look like, they may take the form of liability protections in the Lieberman-Collins bill.

"In the executive order that the White House is considering, it's difficult to do some of the things that are most attractive to the private sector, like protection from litigation so there will still be the need for legislation on the hill and I'm sure that's something he will be supportive of," said the official.

Getty Images

National Security

Panetta talking international rules of behavior for cyberspace during Euro trip

Defense Secretary Leon Panetta is discussing the U.S. government's effort to establish international norms of behavior in cyberspace during his trip to Europe this week.

"That's going to be on the agenda for Secretary Panetta's trip to Europe this week, it'll probably be something that he talks about in his speech in London at the end of the week," a U.S. government official told Killer Apps over the weekend. "As we look at Secretary Panetta's tenure, this is something that remains in the front of his mind as a key priority."

The outgoing U.S. defense secretary just wrapped up a meeting today where he discussed the topic with his Spanish counterpart Defense Minister Pedro Morenes Eulate in Madrid, Spain, according to the official who just updated Killer Apps. 

After seeing billions of dollars in intellectual property stolen and physical damage done to some nations via cyber attacks, the U.S. has been trying to get nations around the world to subscribe to a set of acceptable behaviors in cyberspace that are based on the law of armed conflict. However, the process of establishing universally agreed upon codes of conduct in the relatively new domain of cyber will take decades, cautions another U.S. official. 

"The nature of it is very slow. It's something that will occur over the course of decades rather than months," the second U.S. official told Killer Apps. "We place a lot of emphasis on it, we have ongoing talks with the Chinese, we engage with the Russians and then on a very regular, frequent basis we're talking with our Five Eyes allies, the folks in NATO, the European Union and others."

"That's the way you do it, you come to a common understanding" as to what behaviors the international community deems acceptable.

A key sticking point so far has been that the U.S. and its allies want the norms to focus on things like international cooperation to ban intellectual property theft, while nations such as China and Russia want the norms to leave them free to censor what their citizens view online.

U.S. Department of Defense