Former Rep. Mike Rogers, a top cybersecurity champion in Congress before he retired last year, blasted the White House on Friday for trying to blame Congress for inaction on cyber issues, after it was forced to acknowledge a massive government data breach one day earlier.
President Obama, he said, not only opposed cybersecurity legislation for years, but he threatened to veto it at a critical moment in 2014 when it had passed the House with bipartisan support, and senators were weighing whether to support it.
“I cannot tell you how disingenuous that is,” Rogers, former House Intelligence Committee chairman, told the Washington Examiner in an interview Friday afternoon. “And it tells you why we don’t have legislation today.”
“It’s maddening to think about how much cyber information has been stolen since then,” he continued. “When there was a time for leadership, it would have been last year. And by the way, the bill passed in a bipartisan fashion.”
“For him to blame Congress in this particular case to me is shameful,” he added.
The White House Friday defended Obama’s record on data security and attempted to lay the blame for the latest serious government data breach at Congress’ feet. White House press secretary Josh Earnest pointed to steps the president has taken this year to back cybersecurity legislation that encouraged information-sharing between private companies and the federal government.
Despite these steps, Earnest said Friday that Congress has failed to act.
“We need Congress to come out of the Dark Ages and join us in the 21st century to make sure we have a modern cyber system,” Earnest said, accusing Congress of not doing a “single thing” to try to get a measure passed.
That argument angered Rogers, who said it directly contradicts reality and the years he spent working on the issue in Congress, along with his then-Democratic counterpart on the Intelligence panel, Rep. Dutch Ruppersberger of Maryland.
The pair spent 2013 and 2014 working with the American Civil Liberties Union and the White House to try to troubleshoot privacy concerns, he said. A second version of their bill went further in addressing the privacy issues and passed the House last year with support on the left and right and 288 votes, at a time when very few bipartisan bills were gaining traction in the House.
This year, the House passed a similar bill in April, but action has stalled in the Senate, where opponents have continued to argue that it gives the government too much power to collect information on individual Americans from private companies.
After the bulk data collection surveillance controversies exposed by Edward Snowden, some senators have been reluctant to back a bill that would facilitate more information sharing between the government and the private sector.
Rogers told the Examiner that there is a torrent of misinformation about the bill.
“The president hasn’t helped because he has shown absolutely zero leadership in defining the problem — that any information sharing would occur in a minimally intrusive way. Had they had that conversation on a national basis over time, it would have been different. But they left it to Congress, and it’s been a bit of a heavy lift.”
The legislation, he said, would not entail a private company turning over their database to the government. “We wouldn’t advise that,” he said.
Instead, the information that would be shared would be “very specific,” machine-to-machine and based on computer algorithms that can identify malicious sources codes so that the government and other private companies can prevent these types of hacks and intrusions on their own computer systems.
Opponents of the bill continue to argue that having private companies grant the government access to information that could include clients’ personal data is not the answer. Instead, they argue that private companies and the government need to exercise better cyber hygiene and work to harden security of their networks through the use of sophisticated encryption measures.
Robyn Greene, policy counsel at New America’s Open Technology Institute, which vehemently opposes the current and past versions of the cybersecurity legislation, said the latest version of the bill is still too broadly written and is really more of a “cyber-surveillance bill than a cybersecurity bill.”
“We need to be focused on hardening our networks and better securing the data on those networks — both in the public and private sectors,” she said. She added that 99 percent of the breaches are based on the lack of “good cyber hygiene.”
“There are simply things that the public and private sector could be doing that they are just choosing not to do,” she added.
After the Sony attack, Obama flipped to support cybersecurity bills, she said, because the administration “just thought they had to get something done.”
Greene also pointed to news over the last 24 hours that the National Security Agency is scanning U.S. Web traffic for malware signatures to locate bad actors as an example of the federal government overreaching again.
Proponents of the practice such as Sen. Dianne Feinstein, the California Democrat and the ranking member of the Intelligence Committee, said these Internet-scanning programs are not intended to go after Americans or small-scale cyber theft.
“They are targeted at foreign governments, terrorist groups and overseas criminal syndicates that commit sweeping attacks on U.S. networks, stealing data from millions of Americans and costing our economy trillions of dollars,” Feinstein said in a statement Friday.
