The Obama administration will provide U.S. lawmakers with aclassified briefing today on the threat posed by computer attacksas a draft Senate cybersecurity bill faces resistance from businessgroups over its potential cost.

The legislation is aimed at compelling operators of vitalinfrastructure, such as utilities and phone carriers, to boostcyberdefenses. The U.S. Chamber of Commerce, the nation's largestbusiness lobbying group, urged lawmakers this week to delayconsideration of the bill, which Senate Majority Leader Harry Reidwants to bring to the floor by Feb. 17.

“Cyber criminals have the ability to interrupt life-sustainingservices, cause catastrophic economic damage, or severely degradethe networks our defense and intelligence agencies rely on,”Senator Jay Rockefeller, a West Virginia Democrat, said in astatement yesterday. Rockefeller, who heads the Commerce Committee,is a lead sponsor of the bill.

Hackers are stepping up assaults on U.S. government andcorporate systems, spurring efforts by Congress and PresidentBarack Obama to shield infrastructure essential to U.S. nationaland economic security, such as power grids and water-treatmentplants.

The Senate measure, which has yet to be formally introduced,would authorize the Homeland Security Department to identifyinfrastructure that is critical to U.S. economic and nationalsecurity and develop standards that must be met to protectthem.

The Chamber said it has “serious concerns” about the draftSenate legislation.

“Layering new regulations on critical infrastructure will harmpublic-private partnerships, cost industry substantial sums oncompliance, and not necessarily improve economic and nationalsecurity,” Bruce Josten, the Chamber's executive vice president ofgovernment affairs, wrote in a letter Monday to Reid and MinorityLeader Mitch McConnell, a Republican from Kentucky.

Today's briefing is intended “to inform senators about thegrowing threat to our cyber security as they consider cybersecuritylegislation in the coming weeks,” Caitlin Hayden, a NationalSecurity Council spokeswoman, said in an e-mail yesterday.

The meeting will be led by senior national security officialsincluding Janet Napolitano, Homeland Security Department Secretary;General Martin Dempsey, Chairman of the Joint Chiefs of Staff; andGeneral Keith Alexander, Director of the National SecurityAgency.

Cost Study

A Bloomberg Government study released in Washington yesterdayfound that utilities, banks and other infrastructure operatorswould have to spend almost nine times more on computer defenses toreach a state of security capable of preventing 95 percent of cyberattacks.

The study was conducted by Ponemon Institute LLC, a TraverseCity, Michigan-based security-research firm, which interviewedtechnology managers at 124 companies and 48 governmentagencies.

Even an incremental improvement in computer defenses wouldrequire a significant investment, according to the study. To beable to thwart 84 percent of attacks, up from the current 69percent, respondents said they would have to almost double theiraverage expenditures on equipment and practices such as userverification systems, encryption and workforce training.

The study highlights the need to explore ways to financecybersecurity improvements rather than focus solely on technologystandards and requirements, Larry Clinton, president of theWashington-based Internet Security Alliance, said at the conferenceintroducing the study's findings.

“The threats and costs are going up but the investments aregoing down,” said Clinton, whose group's members include LockheedMartin Corp., Verizon Communications Inc. and Northrop GrummanCorp. The study “documents what that gap is and indicates that itis much higher than we had expected.”

Representative William “Mac” Thornberry of Texas, who heads aHouse Republican task force on cybersecurity, said Congress shouldact on legislation this year while avoiding bills that dictate howto shore up computer defenses.

“The threat changes so fast, technology changes so fast, thatthere is no way government regulation can ever keep up,” Thornberrysaid at the Bloomberg Government conference.

'Bigger Deal'

Thornberry said company executives responsible for criticalinfrastructure need to make network security a “bigger deal,” andsaid the government can assist companies in certain ways, includingby sharing threat data.

“We expect a company to have locks on the doors and maybe afence around them,” he said. “We don't expect them to defendthemselves against bombers that come over the top.”

House Republicans support more narrowly targeted bills thatwould provide companies with incentives to better protect theirnetworks and promote information sharing with the government. Suchbills could come to the House floor in late February or earlyMarch, Thornberry said.

Bloomberg News