If he becomes the next secretary of defense, former Nebraska Senator Chuck Hagel will continue the Pentagon's push for legislation that establishes cybersecurity standards for banks, utilities, energy firms, defense contractors, communications and transportation companies, an Obama administration official told Killer Apps.
The official, who is involved in supporting the nomination, said Hagel will take "the approach that was outlined" in the Obama-backed Cybersecurity Act of 2012, which repeatedly failed to advance in the Senate last year amid concerns by the business lobby that it would impose too much of a regulatory burden.
That bill -- cosponsored by former independent Connecticut Senator Joe Lieberman and Sen. Susan Collins (R-ME) -- would have required so-called critical infrastructure companies to meet minimal IT security standards. Those standards would have been established by the government but largely enforced by private industry.
The bill also allowed rapid information sharing between businesses and the government. And it restricted the types of information that could be collected on private citizens, while protecting businesses working with the government from lawsuits claiming they had inappropriately shared such information.
Hagel's supporters in the administration hope that his experience helping to found and run Vanguard Cellular in the 1980s, along with his Republican credentials, will help allay the business community's fears that cybersecurity legislation will simply laden them with burdensome regulations.
"He's a classic conservative and he's generally opposed to regulation unless there's a very good reason for it," said the official. "Because he has that private sector credibility, when he talks about cyber legislation and the need for an approach where the government and the private sector work together to come up with baseline standards for cybersecurity, he's going to have a lot more credibility doing it because they know philosophically where he's coming from. He's not pro regulation."
Hagel would likely back an approach to develop minimal standards "jointly with the private sector and the government to come up with something that is agreeable to both, probably even doing it on a voluntary basis where a company's willingness to sign up to those standards will be linked to some type of perk or benefit," said the official. While "it's hard to say" exactly what those perks would look like, they may take the form of liability protections in the Lieberman-Collins bill.
"In the executive order that the White House is considering, it's difficult to do some of the things that are most attractive to the private sector, like protection from litigation so there will still be the need for legislation on the hill and I'm sure that's something he will be supportive of," said the official.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.