House Intelligence Committee chairman Rep. Mike Rogers (R-Mich.) said he’s worried Congress won’t be able to pass its cyber intelligence-sharing bill before the end of the year, raising the possibility that it could take years to make any progress on the important topic.
Rogers said during a Washington Post Live event on cybersecurity that he had spoken to his Senate counterpart, Sen. Dianne Feinstein (D-Calif.), earlier this week and was confident the House and Senate could get past the differences in their bills if the full Senate could pass the bill and allow the two to begin a conference committee. The full House cleared its bill in April and the Senate Intelligence Committee passed its bill in July.
“We have a very small window to get this done, very small window,” Rogers said. “It is not impossible, but the political challenges in the Senate right now make the hurdles pretty high, unfortunately,” he added, noting that the cyber bill had gotten tangled up in politics with the intelligence authorization bill and the Foreign Intelligence Surveillance Act.
“If we don’t get it done in this lame duck session…it all starts over,” he said. “The clock starts over. [Senate Intelligence Committee ranking member] Saxby Chambliss (R-Ga.) will be gone, he’s retiring; I’ll be leaving as chairman. It’s going to take some time to ramp it up,” in a best case scenario, he said, and worse case “it could be years before this gets done.”
Rogers said cyber attacks have gotten worse even over the past year, with criminal organizations now demonstrating the same capabilities and tactics as nation states. In some cases, criminal enterprises are attacking at the bottom of a supply chain and working their way through the networks into that of the ultimate target –a retail store, for example–to steal credit card information. That tactic and ability resembles attacks from nation states, Rogers told reporters after his speech, and he believes that nations and criminal groups are increasingly collaborating in these attacks.
The government’s hands are somewhat tied in responding to attacks and conducting offensive cyber operations because the government only runs about 15 percent of American networks, whereas the private sector owns the remaining 85 percent. The government could go after cyber criminals, Rogers said, but “they’re not likely to come back at whatever agency participated in that, they’re likely to try to come back, again, in one of those private sector networks and cause harm.”
In addition to criminal organizations, Rogers said that Iran has been probing the networks of American financial institutions, using cyber as a political tool to inflict damage on the United States, and Russia launched cyber attacks in response to economic sanctions from the United States and Europe.
“This is a new dangerous form of warfare and international relations,” he said.