“Cybersecurity is a lobbyist’s dream,’’ Rogan Kersh, provost at Wake Forest University in Winston-Salem, N.C., who researches political influence, said in an interview.
Washington’s plan to fight attacks had Raytheon and Lockheed Martin, which want to sell security products, lobbying on cyber bills and appropriations. Sectors targeted by hackers, such as banking and energy, have their trade groups pushing for liability protection for sharing threat information. Verizon Communications told lawmakers it wants “greater cybersecurity without technology mandates or prescriptive rules.’’
Companies want to discuss issues, including what kind of effect government-issued security practices will have on corporate supply chains, said Avivah Litan, a Washington-based cybersecurity analyst at Gartner, a technology research firm.
“This is going to be a titanic clash, and when that kind of industry power is aligned against each other, lobbyists start sharpening their knives and forks,’’ Kersh said.
The interest in influencing cybersecurity policy tracks more urgent warnings by the Obama administration and Congress that more action is needed to stop Chinese online espionage and potential digital sabotage of vital infrastructure such as power grids.
Obama issued an executive order in February directing the government to develop voluntary cyber standards for privately held assets considered critical to national security, and to increase sharing of cyberattack information with companies.
Companies “used to think they could ignore this issue or sweep it under the rug,’’ said Sen. Mark R. Warner (D-Va.), who sits on the Senate Commerce and Intelligence committees, both of which have considered cyber bills.
‘Threats can’t be hidden’
A Feb. 19 report from security firm Mandiant Corp., concluding the Chinese army may be behind a hacking group that has hit at least 141 companies worldwide since 2006, has altered the debate, Warner said.
“There’s more and more recognition, industry by industry, that the sheer volume of threats can’t be hidden anymore,’’ he said.
The Department of Homeland Security will identify industries subject to the executive order. While standards are to be voluntary, the order instructs U.S. agencies to consider making them regulations for critical industries they oversee.
“We want to be prepared to weigh in and help guide or inform those processes as appropriate,’’ Ladeene Freimuth, a lobbyist for the GridWise Alliance, a Washington-based group representing electric utilities including Pepco Holdings and Duke Energy, said in an interview.
The alliance, which first registered to lobby on cybersecurity March 2, supports a proposal by Mike Rogers (R-Mich.), chairman of the House Permanent Select Committee on Intelligence, that would give liability protection to companies that share threat information, Freimuth said. The group favors “flexible’’ regulation that does not duplicate existing standards, she said.
The White House is urging Congress to pass legislation to fill in gaps it could not address in the executive order. Lawmakers, who failed to pass a cyber bill last year amid disagreements over the role of government and privacy protections for consumer data, have returned to the topic in recent weeks with hearings and new proposals in the House.
Banks, telecommunications firms and energy companies, which have been targeted for attacks, are pushing for better sharing of threat and attack details from the government. They also want to be protected from privacy lawsuits if they share information on customers, and from negligence suits for failing to act on warnings.
The National Retail Federation lobbied the Senate on its Cybersecurity Act of 2012, as did 3M, which also discussed the bill with Homeland Security and the Justice Department, according to Senate filings.
The Association of American Railroads lobbied on Rogers’ Cyber Intelligence Sharing and Protection Act, which passed a floor vote in the House last year and has been reintroduced this session, records show. The National Cable and Telecommunications Association, meanwhile, lobbied on bills in Congress while also discussing the formation of the White House cyber executive order with DHS, the group’s filings said.
Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.), in September asked all Fortune 500 chief executives about their companies’ cybersecurity practices and their views on the federal government’s role in improving computer defenses.
That made companies realize cybersecurity would gain a higher profile in Washington, said Jessica Herrera-Flanigan, a partner at Monument Policy Group, a lobbying firm representing Boeing, Microsoft and LinkedIn.
“Companies are realizing that it’s important to engage with Congress and with the administration to ensure they have input on the development of laws, rules and regulations that affect them,’’ said Herrera-Flanigan, a former staff director for the House Homeland Security Committee.
Among those registered to lobby on the issue for Ericsson are Rhod Shaw, former chief of staff to Sen. Sherrod Brown (D-Ohio).
Lobbyists for Google’s Motorola Mobility unit include Elizabeth Frazee, former counsel for Rep. Bob Goodlatte (R-Va.) who became chairman of the House Judiciary Committee this year.
The UPS lobbying team on cyber includes Jeff Forbes, former staff director of the Senate Finance Committee and chief of staff to the panel chairman, Max Baucus (D-Mont.).
Spokesmen Jimmy Duvall of Ericsson and Cris Paden of Symantec did not respond to requests for comment. A UPS spokeswoman, Kara Ross, declined to comment, as did William Moss, a spokesman for Motorola Mobility.
“The new frontier is cyberwar in terms of our national defense,’’ Gartner’s Litan said. “I’m not surprised the lobbyists are ramping up.’’
— Bloomberg Government