UPDATE 1-White House, lawmakers resume cybersecurity bill talks
(Adds comments from Reps Rogers, Ruppersberger)
SAN FRANCISCO, March 1 (Reuters) - U.S. House Intelligence Committee Chairman Mike Rogers said on Friday negotiations with the White House on a new cybersecurity bill have resumed, and the two sides are not "that far apart" after making progress this week.
The Michigan Republican told Reuters that both sides are "very close" on agreeing about the roles that the Department of Homeland Security and other government agencies would play to better defend against cyber attacks. They are also negotiating ways to minimize the transfer and use of personal information from companies to the government, Rogers said.
In a joint interview with the senior Democrat on his committee, Dutch Ruppersberger, Rogers said the talks have been aided by increased concerns about the costs of cyber attacks. Hacks have been discovered against major newspapers, which have been blamed on China, and brief outages have occurred at banking websites, which the lawmakers said were backed by Iran.
Their joint bill, which emphasizes sharing threat information among companies and the government, passed the Republican-dominated House last year but failed in the Democrat-controlled Senate after administration objections.
The White House wants a more comprehensive bill that also sets minimum security standards for vitally important companies. But Ruppersberger said last month's executive order on that issue eased some pressure to include such provisions.
A second gulf between the parties has been over the personal information on customers and users that would be turned over to the government. The current House bill would give broad protection from lawsuits to companies that surrender user data believed to be related to "threats" to their networks to DHS, which could then share it with intelligence agencies that could use it for other national security matters.
But Rogers said the personal information was not essential. "Candidly, you don't need a lot of personal information to fight the threat," he said, adding that details of new malicious software was essential.
Ruppersberger, of Maryland, said companies complained that they had no way to "minimize" personal information attached to "millions of conversations" and that they were working through that issue in the White House talks.
Their comments follow an interview with White House cybersecurity policy adviser Michael Daniel on Monday at the same RSA conference, the largest annual gathering of security professionals.
Daniel told Reuters then that the administration would identify its goals for a new law within two months.
Only after a law passes to shore up defense, the House members said, can the country focus on building support among allies to confront economic espionage from China and others.
(Reporting by Jim Finkle and Joseph Menn; Editing by Tiffany Wu and Leslie Gevirtz)