Napolitano Fires Back at Cybersecurity Critics

By Rob Margetta, CQ Staff

Days after a pair of Republican senators accused her of making misleading statements about cybersecurity legislation, Homeland Security Secretary Janet Napolitano said the lawmakers had distorted her words.

Ron Johnson of Wisconsin and John McCain of Arizona, both GOP members of the Senate Homeland Security and Governmental Affairs Committee wrote to Napolitano, saying she incorrectly described a cybersecurity bill (S 2105) during a hearing when she said it would help build a robust private partnership without imposing new regulations on industry. Johnson and McCain have characterized the bill as a regulatory package that would allow DHS to impose on companies that maintain critical infrastructure.

In her own letter sent last week, however, Napolitano said the lawmakers were the ones with an incorrect interpretation.

“Unfortunately, your letter mischaracterizes the administration’s approach,” Napolitano wrote, providing a list of classified cybersecurity briefings the administration has provided for the Senate over the past two months. “This misunderstanding, in my view, hinders our ability to cogently debate the nation’s cybersecurity needs.”

The bill that Napolitano described, introduced by Senate Homeland Security Chairman Joseph I. Lieberman, I-Conn., and cosponsored by ranking Republican Susan Collins of Maine, has the support of the administration and the Senate’s Democratic leadership.

In addition to taking steps aimed at promoting information sharing on threats between the federal government and industry, parts of the bill would give DHS the ability to enforce regulations for improving security for facilities that fall under its definition of “critical infrastructure.” The department also would be able to select or rewrite performance requirements used by critical infrastructure entities. Johnson and McCain have called those provisions unacceptable, and have put forward their own cybersecurity bill (S 2151), which deals only with information sharing.

Supporters of Lieberman’s measure — including Napolitano — say legislation that deals only with information sharing would be insufficient to protect the country. In her letter, the secretary wrote that the bill would require DHS to work with industry, avoid duplicating existing regulations and use existing standards drawn up by the private sector whenever possible. The “minimum baseline security standards” the department would be able to enforce would affect only systems the nation requires to function, such as the power, finance, communications, water and transportation systems, and would not harm innovation, Napolitano wrote.

“By establishing a baseline of security through high-level performance requirements and prohibiting regulation of technology products and services, the bill does not hamper innovation,” she wrote. “This recognition of roles and responsibilities is the essence of a public-private partnership.”

Rob Margetta can be reached at rmargetta@cq.com