Northrop CEO urges Congress to pass cybersecurity legislation

By Andrea Shalal WASHINGTON (Reuters) - U.S. weapons maker Northrop Grumman Corp on Thursday urged U.S. lawmakers to enact cybersecurity legislation that would limit the liability of U.S. companies and enable them to take more decisive action to protect their computer networks. "We need to move to a place as a country where the legal framework matches the technology framework, or even gets within a decade of the technology framework," Northrop Chief Executive Wes Bush told Reuters after a speech to the Economic Club. "It has lagged so terribly today that it causes companies to be extraordinarily risk averse to doing some of the things that they really need to do to better protect the infrastructure," said Bush. He said it was critical to enact legislation that would allow better information sharing between industry and government on threats to computer networks. Northrop, which provides cybersecurity equipment and services to the U.S. Defense Department and other national security agencies, is participating in industry-wide efforts to improve cybersecurity and information-sharing, Bush said. U.S. lawmakers have been contemplating legislation to provide clarity about how private companies should be required to disclose security breaches and cyber threats, but disagreements over liability and other issues have thwarted passage of any cyber security bills thus far. High-profile data breaches at companies like Target Corp and recent revelations of the "Heartbleed" Internet security flaw have fed debate over who should pay to improve cybersecurity and how much information should be disclosed. There are also widespread concerns about possible attacks on industrial control systems that run U.S. nuclear power plants and other critical infrastructure. Fred Schwien, Boeing Co's director of homeland security programs and strategy, this week said an existing program for sharing intelligence about cyber threats to the aviation industry is being expanded into a full-fledged Information Sharing and Analysis Center (ISAC) later this year. Schwien told a cyber conference hosted by Kaspersky in San Francisco that the new body would be modelled on a successful centre focused on financial services, and would be managed by the Department of Homeland Security. Schwien said a secure facility was being erected near National Security Agency headquarters in Fort Meade, Maryland, that will bring "an unprecedented level of information sharing" to the industry. Aviation companies already get classified briefings from the FBI, Federal Aviation Administration, Department of Homeland Security, the Office of the Director of National Intelligence, and the Transportation Security Administration. (Additional reporting by Joseph Menn in San Francisco; Editing by David Gregorio)