April 16, 2013, 6:06 p.m. ET By SIOBHAN GORMAN
WASHINGTON—The White House threatened Tuesday to veto a cybersecurity bill about to be debated in the House, presenting Congress with a new test of its ability to respond to one of the top threats to the U.S.
Legislative attempts to beef up security of computer networks in the U.S. collapsed last year in a debate over government regulation and privacy. Since then, warnings from U.S. defense and intelligence officials have grown more dire while lawmakers remain divided.
In a preview of this year’s action, House lawmakers are expected to begin debate Wednesday on a bipartisan bill that aims to bolster data sharing between the government and U.S. companies about cyberthreats. Democratic senators and the White House favor a more-comprehensive approach.
The new debate comes after Director of National Intelligence James Clapper elevated cyberthreats to the top of his list of national-security concerns and a National Intelligence Estimate provided evidence of widespread infiltrations of U.S. computer networks by the Chinese military. Evidence also emerged of Chinese spying inside the computer networks of major U.S. media, including The Wall Street Journal and New York Times.
U.S. defense and intelligence officials have grown increasingly alarmed over a relentless cyberattack campaign against U.S. banks by what they say are Iranian-backed hackers. Both China and Iran have denied involvement in cyberspying or attacks.
Intelligence Committee Chairman Mike Rogers (R., Mich.), lead author of the House cyberbill, called cyberattacks “the most important national-security threat” the U.S. faces. But the White House said Tuesday his bill lacks sufficient privacy protections—an objection it raised to a similar bill last year.
The Obama administration is “concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities,” the White House said in a statement, adding that the administration is committed to finding “a workable solution.”
If the House approves the bill, as expected, Senate Democrats and the White House would have to decide whether to negotiate with the House or press for a broader measure that also would set minimum security standards—such as updating security software on a regular basis—for computer networks serving the electric grid and other critical infrastructure.
In the Senate, lawmakers are revising a bill that stalled last year. Senate Democrats are weighing whether to try again to pass a single comprehensive bill that includes standards, or to take a more piecemeal approach, congressional aides said.
Many Senate Democrats believe that given the difficulties of passing any legislation, they should press ahead with a wide-ranging bill that includes cybersecurity standards, rather than passing separate bills for data-sharing and standards.
Republicans and business groups generally oppose setting private-sector standards, even voluntary ones. The U.S. Chamber of Commerce has warned standards could become mandatory later. That opposition sank the White House-backed cybersecurity bill last year.
A key part of both parties’ calculations will be whether the growing threat of cyberattacks and cyberspying will force more compromise. Another will be whether lawmakers believe an executive order President Barack Obama signed in February makes a bill more important or less so. His order established programs for sharing data with the private sector and created voluntary cybersecurity standards.
Obama administration officials say legislation is still needed to provide incentives, such as liability protection, to get businesses to participate in both programs. “Carefully-crafted information sharing legislation is essential, though not alone sufficient, to improve the nation’s cybersecurity to an acceptable level,” said White House spokeswoman Caitlin Hayden.
Mr. Rogers said the establishment of standards by executive order should make the White House more willing to accept his data-sharing bill. He also said the House approach could mesh this year with a data-sharing measure being written by his counterpart on the Senate intelligence committee, Sen. Dianne Feinstein (D., Calif.).
Mr. Rogers and Rep. C.A. Dutch Ruppersberger (D., Md.), the top Democrat on the intelligence panel, said they have taken several steps to improve privacy protections, including preventing improper government use of personal data. But advocates of minimum cybersecurity standards say the House bill is insufficient. Christopher Finan, a former White House cybersecurity aide, said the changes to the House bill are only “marginal privacy tweaks,” and data sharing wouldn’t eliminate security gaps in systems running critical infrastructure.