As the fallout from the cyberattack against Sony Pictures Entertainment grows amid reports that the hack may be linked to the North Korean government, lawmakers and the Obama administration are calling on Congress to focus heavily on cybersecurity legislation after the holiday recess.
At the center of the scandal is a film depicting an assassination attempt on North Korean leader Kim Jong Un, which may have prompted the attack and subsequent leak of countless internal Sony documents that have deeply embarrassed the company. In response to additional unspecified threats, Sony said Wednesday that it would not release the film, sparking a national debate over artistic freedom and raising fears of similar future attacks.
“This is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government," said Senate Intelligence Committee chair Dianne Feinstein (D-Calif.). "We must pass an information sharing bill as quickly as possible next year.”
Feinstein sponsored the Cybersecurity Information Sharing Act earlier this year, but the bill ultimately stalled. The senator’s office said Feinstein will take up similar legislation next year, building on a series of cybersecurity bills signed into law this week by the president.
Sen. John McCain (R-Ariz.), the incoming chair of the Senate Armed Services Committee, blamed the attack on the Obama administration, citing a lack of leadership on increasing the country's cyberdefenses. But McCain stressed that Congress should respond with legislation.
“The need for Sony Pictures to make that decision ultimately arose from the Administration's continuing failure to satisfactorily address the use of cyber weapons by our nation's enemies,” McCain said in a statement. “But, Congress as a whole must also address these issues and finally pass long-overdue comprehensive cybersecurity legislation.”
The White House, for its part, says that it is taking the attack very seriously and is looking into its source. But the president also criticized Congress for delaying legislation that would bolster the country's electronic security capacities.
“There are a lot of vulnerabilities as we become more interconnected, and we haven't done everything we need to do to harden and strengthen both our commercial sites in the public sector and the private sector,” Obama told ABC’s David Muir on Wednesday. “That means, by the way, that Congress also needs to take up cybersecurity legislation that's been languishing for several years now. Because there's a bunch of stuff we can do to improve information sharing and make sure that these sites are hardened.”
The White House has been otherwise quite tempered in its reaction to the attack and has not yet publicly accused the North Korean government of playing a role in the cyberattack.
White House Press Secretary Josh Earnest on said Thursday that "actors are oftentimes seeking to provoke a response from the United States of America. They may believe that a response from the U.S. in one fashion or another would be advantageous to them."
Rep. Jim Langevin (D-R.I), co-chair of the House cybersecurity caucus, also cautioned against jumping to conclusions over the source of the attack. But he said that both the public and private sectors in the United States should "do more to shore up their cyberdefenses."
Congress, he said, has a crucial role to play in that effort. “The Sony hack is the clearest indication to date of the grave threat faced by all corporations in cyberspace," Langevin said in a statement. "The new Congress should act without delay to pass a comprehensive cybersecurity information sharing bill to allow the federal government to share what it knows about threats in cyberspace with the private sector, and vice versa.”
Momentum is building among lawmakers who are eager to see Congress take up the issue once they return in January. Sen. Lindsey Graham (R-S.C.) on Thursday tweeted his support for such legislation.
We should make it clear to our adversaries when they attack our American companies & government institutions they will be held accountable.
— Lindsey Graham (@GrahamBlog) December 18, 2014
“Cyber-terrorism is increasingly becoming the weapon of choice for rogue regimes and terrorist organizations. Modernizing cyber-security laws & working to protect national interests against cyber-terrorism should be a top priority 4 Congress in 2015,” Graham wrote in the series of tweets.
Rep. Michael McCaul (R-Tex.), chair of the House Committee on Homeland Security, said that cyberdefense will be his “top priority” next session.
“We must do more to ensure our nation is able to prevent, detect and respond to the growing cyber threat,” McCaul said. “This will be a top of focus of my committee next Congress, and I will continue to work with my House and Senate colleagues to build on the cybersecurity legislation passed by Congress last week.”