The Obama administration is urging business leaders to back legislation to strengthen the nation's cyber defenses.
White House efforts to promote voluntary sharing of information about cyber threats among banks, utility operators and others who own critical infrastructure represent "an important step" but a presidential directive cannot substitute for a law, Treasury Secretary Jack Lew said Wednesday in remarks to directors at the U.S. Chamber of Commerce.
"Specifically, we need Congress to pass legislation that improves cybersecurity," Lew said. "We also need legislation that can incentivize the adoption of best practices and standards for critical infrastructure by complementing the process set forth under the executive order."
Lew's remarks, which were first reported by Politico, come amid a push by the administration to detail a framework that addresses risks to the nation's financial networks, energy grid and telecommunications networks from cyber threats.
The White House that gives the National Institute of Standards and Technology until August to map out a preliminary standard and guidelines for protecting critical infrastructure that cuts across industries.
Cyber experts say information sharing can help to ward off future attacks but that legislation is needed to shield companies that exchange information with the government and one another from legal liability that many companies say currently deters such sharing.
The House passed a bill in April that would immunize companies from legal liability for sharing cyber threat information. Though the measure had the backing of the Chamber of Commerce and other business groups, the White House threatened to veto the bill, saying it did too little to protect online privacy.
Legislation to promote sharing of cyber threats faces uncertain prospects in the Senate, which twice failed last year to pass a comprehensive cybersecurity bill after business groups charged it would lead to too many regulatory mandates.
Besides the push for information sharing, the administration is doing what it can to help banks address the threat of cyberattacks, according to Lew. The Treasury Department has arranged more than a dozen classified briefings over the last year for financial services industry leaders.
"These briefings have drawn on the knowledge of law enforcement and intelligence officials from across the federal government," said Lew, who also noted that financial regulators are providing guidance to companies they supervise about the need for backup systems and recovery plans.
"This heightened attention on resilience is an important development in the financial sector and one that I believe will be a focus on other major industries," Lew added.