With top intelligence officials warning that cyber attacks have replaced terrorism as the leading threat against the United States, the White House and lawmakers have spent months discussing how to improve the flow of information between the government and the private sector.

A second go-around for the Cyber Intelligence Sharing and Protection Act (CISPA) was approved by the Republican-controlled House of Representatives in a bipartisan vote on April 18, though the White House has again threatened to veto the bill unless more protections for privacy and civil liberties are added.

Still, senior Obama administration officials say behind-the-scenes talks with lawmakers this time around are constant, more serious and more productive.

“I actually think that the outlook is significantly better than it was last year,” the White House cybersecurity policy coordinator, Michael Daniel, told the Reuters Cybersecurity Summit in Washington this week. “What has impressed me has been the willingness of everybody involved to actually continue having those discussions and to continue that extensive level of dialogue trying to find some solutions.”

While Daniel cautioned that it is never easy to get the divided House and Senate to agree to anything, he predicted that final cyber legislation might be seen by the fall.

“A lot of us are concerned about getting a good piece of cybersecurity legislation before something really bad happens. As a general rule, legislation that is produced immediately after a crisis is not as good as the stuff that can be done when it’s more thought-out,” he said.

Last year, the Senate failed to pass a comprehensive cybersecurity bill that combined information-sharing provisions similar to those in the current CISPA with voluntary cybersecurity standards for businesses that control critical U.S. infrastructure.

Since then, President Barack Obama has signed an executive order that directs government officials to set voluntary standards to reduce cybersecurity risk and offer incentives to private companies to adopt them.

A series of high-profile cyber attacks – such as repeated disruptions of the online banking sites of major U.S. banks, or markets plunging on a fake message on the AP Twitter feed about a White House bombing that never happened – have built momentum behind cyber legislation.

SEPARATE BILLS

The Senate does not plan to vote on CISPA, but is expected instead to take up its own cyber-related bills. On Wednesday, Senate Intelligence Committee Chairman Dianne Feinstein, a California Democrat, said her panel was drafting a version of an information-sharing bill.

Congressional aides said staff and lawmakers from both sides of the aisle are constantly meeting on the issue. One Senate aide said it was a collaborative process to agree on multiple key elements to make the overall law stronger.

Representative Mike Rogers, chairman of the House intelligence committee and CISPA co-author, said key senators including Feinstein were “completely all in” on the need to pass a cybersecurity law. The Michigan Republican predicted that House and Senate lawmakers could work out an agreement on at least an information-sharing bill.

“I think we’re finally coming to the consensus here that hey, let’s pass what we can pass and take another bite. This isn’t the end-all cure-all,” Rogers told the summit.

He said a meeting was scheduled this week – with more to come – between the House and the Senate to discuss in detail the elements of cyber legislation and see where compromise could be reached, without starting completely from scratch.

Rogers predicted that if a bill could pass through both houses of Congress, Obama would sign it despite the veto threat.

URGENT NEED

Top administration officials have underscored the urgent need for laws that would complement Obama’s executive order and help ensure the government and the private sector are on the same page when it comes to threats posed to critical U.S. infrastructure.

Homeland Security Secretary Janet Napolitano said many lawmakers received classified briefings last year on cyber threats, and better education on cyber risks means “we’re starting from a much better base” on legislation.

“There’s a lot of work going on behind the scenes,” Napolitano told the summit. “There are many fewer concerns than there were last time around.”

But officials acknowledge that hurdles remain. For example, some senators, like Homeland Security Committee Chairman Tom Carper, prefer a more comprehensive bill.

“While information sharing is an important part of our efforts, it is only one of many elements needed to properly bolster our cyber defenses,” Carper, a Delaware Democrat, said in a statement.

Other issues he says he would like to address in legislation include protections for critical infrastructure, security of federal agency networks, cyber workforce development and notification of data breaches.

Some private industry security experts were skeptical about the prospects for broad legislation, as well as the effectiveness of such laws in preventing cyber attacks. Shane Shook, chief knowledge officer at cybersecurity services company Cylance Inc, suggested the private sector should organize information sharing itself.

“Comprehensive legislation is never going to happen that can be effective over all 18 sectors,” Shook told the summit.

Ira Winkler, president of the Information Systems Security Association, said he was skeptical that any meaningful legislation would pass this year, barring a major cyber attack that damaged U.S. infrastructure.

“We hear about wake-up calls, but people keep hitting the snooze button,” he said.

(Additional reporting by Andrea Shalal-Esa and Thomas Ferraro; Editing by Tiffany Wu and Mohammad Zargham)

Army General Keith Alexander, who heads the National Security Agency and U.S. Cyber Command, told the Reuters Cybersecurity Summit in Washington that U.S. computer networks were already under constant attack and billions of dollars worth of intellectual property were flowing out of the country each year.

“Mark my words, it’s going to get worse. The disruptive and destructive attacks on our country will get worse and … if we don’t do something, the theft of intellectual property will get worse,” Alexander said at the summit.

Alexander said he was not aware of any cyber assaults against the United States as destructive as the one that damaged computers at Saudi Arabia’s national oil company, Aramco, last year. But he said similar attacks could well be seen “in the not-too-distant future” on key U.S. infrastructure sectors, such as public utilities and financial services.

The general argued forcefully for legislation that would make it easier for the government to work with industry on monitoring private computer networks for signs of intrusion, despite concerns raised by privacy advocates.

But he said the NSA had no interest in reading the emails of U.S. citizens.

“We can protect our networks and protect our civil liberties and privacy,” Alexander told the summit.

He said proposed legislation would not allow government agencies to view data that identified individual people, except in specific cases that required special waivers.

(Follow Reuters Summits on Twitter @Reuters_Summits)

(Reporting By Andrea Shalal-Esa and Deborah Charles; Editing by Tiffany Wu and Paul Simao)

“It demonstrates the kind and scope of financial crimes that
are enabled in a network-connected world, particularly by those
who have some skill although not necessarily the highest level
of skill, quite frankly, but who can coordinate timing and the
like,” Napolitano told the Reuters Cybersecurity Summit in
Washington.

Hackers in December stole a combined $45 million from two
banks through coordinated ATM withdrawals around the world. They
broke into two unnamed bank card processing companies, raised
the balances and withdrawal limits on accounts, then withdrew
the money.

The prosecutors did not name the two companies but said one
was based in India and the other in the United States.

Napolitano, who declined to discuss details of the
investigation, said the growing number of cyber attacks on banks
has resulted in a closer relationship between the government and
financial institutions to tackle potential threats.

“There is urgency and this is a big problem and legislation
certainly would assist us in our efforts,” she said, referring
to cyber security legislation that has been mired in a divided
Congress.

Napolitano said the legislation, the Cyber Intelligence
Sharing and Protection Act, was vital to improve the flow of
information in real time to help ensure companies know about
possible cyber threats.

The House of Representatives easily passed CISPA legislation
on April 18, with majority Republicans getting some support from
Democrats.

She said she hoped the Senate and the House could come
together to agree on legislation to improve cyber sharing that
is supported by the White House. She said officials were working
on it behind the scenes.

While proposed legislation failed to get through the Senate
last year, Napolitano said lawmakers had made some progress
since then.

“One of the things that happened last year was the education
of many members about this field. They didn’t know very much, to
be truthful,” she said.

More congressional hearings on the issue are likely this
summer, Napolitano said, but timing for action on the
legislation is uncertain. “It’s Congress, and they have their
own measure of time,” she added.

Napolitano also said the government was studying ways to use
its purchasing power to induce software makers to sell more
secure products.

“What we are looking at is what kind of incentives could be
used to attract companies to use best practices, including in
the software arena, and whether there could be procurement
preferences,” she said.

(Additional reporting by Alina Selyukh, Tiffany Wu and Joseph
Menn; editing by Ros Krasny and Jackie Frank)

The four powerful senators – Democrats Carl Levin and Jay
Rockefeller and Republicans John McCain and Tom Coburn – joined
together to launch the Deter Cyber Theft Act.

The proposed law aims to combat the theft of intellectual
property from U.S. companies, which spend billions in research
and development only to be targeted by foreign firms and
countries that illegally access their data and use it to compete
against them.

General Keith Alexander, head of the U.S. National Security
Agency and commander of the U.S. Cyber Command, has called the
growing problem the “greatest transfer of wealth in history.”

China is accused of being the biggest culprit in theft
attempts against U.S. companies. American lawmakers have said
U.S. companies suffered estimated losses in 2012 of more than
$300 billion due to trade-secret theft, much of it due to
Chinese cyber espionage.

Levin, chairman of the Armed Services Committee, said the
new law would help protect American businesses and innovation.

“We need to call out those who are responsible for cyber
theft and empower the president to hit the thieves where it
hurts most – in their wallets, by blocking imports of products
or from companies that benefit from this theft,” Levin said in a
statement.

McCain, a powerful voice in the Senate on armed services and
foreign affairs issues, said the bill would give President
Barack Obama authority to target those who try to benefit from
cyber crime.

A divided U.S. Congress has not approved much legislation in
recent years, given a string of partisan fiscal battles.

But with lawmakers on both sides of the political aisle
acknowledging that cyber security is a rising concern, this
bipartisan measure – sponsored by leading senators – will likely
draw plenty of interest.

A senior Democratic aide described cyber security as a “huge
priority,” for Senate Majority Leader Harry Reid.

The proposed act would require the Director of National
Intelligence to compile an annual report that includes a list of
nations that engage in economic or industrial espionage in
cyberspace against U.S. firms or individuals. It would include a
priority watch list of the worst offenders.

The report would also include a list of U.S. technologies
targeted by the espionage, details of what had been stolen and a
list of items produced using the stolen information.

The DNI’s report would also list countries that had
benefited from the theft and the action taken by the U.S.
government to combat cyber espionage.

Under the proposed law, the president would be required to
block imports of products containing stolen U.S. technology or
products made by state-owned enterprises of nations on the DNI’s
priority watch list that are similar to items identified as
being made using stolen technology.

(Reporting by Deborah Charles; Additional reporting by Thomas
Ferraro; Editing by David Brunnstrom)

Without confirming that Israel was behind the attacks, the intelligence official said that the United States was essentially told of the air raids “after the fact” and was notified as the bombs went off.

Israeli jets bombed Syria on Sunday for the second time in 48 hours. Israel does not confirm such missions explicitly – a policy it says is intended to avoid provoking reprisals. But an Israeli official acknowledged that the strikes were carried out by its forces.

“It would not be unusual for them to take aggressive steps when there was some chance that some sophisticated weapons system would fall into the hands of people like Hezbollah,” the U.S. intelligence official told Reuters, speaking on condition of anonymity.

While the air raids raised fears that America’s main ally in the Middle East could be sucked into the Syrian conflict, Israel typically does not feel it has to ask for a green light from Washington for such attacks.

Officials have indicated in the past that Israel sees a need only to inform the United States once such a mission is under way.

U.S. President Barack Obama said on Saturday that Israel has the right to guard against the transfer of advanced weapons to Hezbollah, an ally of both Syria and Iran.

Rather than an attempt to tip the scales against Syrian President Bashar al-Assad, Israel’s action is seen more as part of its own conflict with Iran, which it fears is sending missiles to Hezbollah in Lebanon through Syria. Those missiles might hit Tel Aviv if Israel makes good on threats to attack Tehran’s nuclear program.

Another Western intelligence source told Reuters the latest attack, like the previous one, was directed against stores of Fateh-110 missiles in transit from Iran to Hezbollah.

People were woken in the Syrian capital by explosions that shook the ground like an earthquake and sent pillars of flames high into the night sky. Syrian state television said bombing at a military research facility at Jamraya and two other sites caused “many civilian casualties and widespread damage,” but it gave no details. The Jamraya compound was also a target for Israel on January 30.

The U.S. intelligence official said additional strikes in the future could not be ruled out.

“Any sophisticated weaponry that finds its way there (Syria)that looks to be destined to fall in the hands of bad actors, I think there is a likelihood that those could be targets as well,” the second official said.

ADDED PRESSURE

Obama has repeatedly shied away from deep U.S. involvement in the Syrian conflict, which erupted in 2011 and has killed an estimated 70,000 people and created more than 1.2 million refugees.

Hours after the Israeli attacks, several U.S. lawmakers voiced concern over the mounting uncertainty in the Middle East.

Influential Republican lawmaker John McCain said Israel’s air strikes on Syria could add pressure on the Obama administration to intervene, but the U.S. government faces tough questions on how it can help without adding to the conflict.

“We need to have a game-changing action, and that is no American boots on the ground, establish a safe zone and to protect it and to supply weapons to the right people in Syria who are fighting, obviously, for the things we believe,” McCain said on “Fox News Sunday.”

“Every day that goes by, Hezbollah increases their influence and the radical jihadists flow into Syria and the situation becomes more and more tenuous,” he said.

U.S. Defense Secretary Chuck Hagel said last week that Washington was rethinking its opposition to arming the Syrian rebels. He cautioned that giving weapons to the forces fighting Assad was only one option, which carried the risk of arms finding their way into the hands of anti-American extremists among the insurgents.

The United States has said it has “varying degrees of confidence” that chemical weapons have been used in Syria on a limited scale, but is seeking more evidence to determine who used them, how they were used and when.

(Additional reporting by Caren Bohan, Roberta Rampton and Eric Beech; Editing by Alistair Bell and David Brunnstrom)

Hours after Israeli jets bombed Syria on Sunday for the second time in 48 hours, several top U.S. lawmakers voiced concern over the cascading uncertainty in the Middle East where a civil war has been raging in Syria for more than two years.

Republican Senator John McCain said the latest Israeli air strikes, described by a Western source as attacks on Iranian missiles bound for Lebanon’s Hezbollah, will just put more pressure on the administration to act although President Barack Obama has said he has no plans to send ground troops to Syria.

“We need to have a game-changing action, and that is no American boots on the ground, establish a safe zone and to protect it and to supply weapons to the right people in Syria who are fighting, obviously, for the things we believe,” McCain said on “Fox News Sunday.”

“Every day that goes by, Hezbollah increases their influence and the radical jihadists flow into Syria and the situation becomes more and more tenuous,” he said.

U.S. Defense Secretary Chuck Hagel said last week that Washington was rethinking its opposition to arming the Syrian rebels. He cautioned that giving weapons to the forces fighting President Bashar al-Assad was only one option, which carried the risk of arms finding their way into the hands of anti-American extremists among the insurgents.

Obama said on Saturday that Israel has the right to guard against the transfer of advanced weapons to Hezbollah, but his administration has not commented further on the air strikes.

The United States has said it has “varying degrees of confidence” that chemical weapons have been used by Syria’s government on its people, which violates a “red line” that Obama had established against such action.

The United States is seeking more evidence to determine whether and how chemical weapons have been used. Obama, who has said he does not envision sending U.S. troops to Syria regardless of whether chemical weapons use is determined, has said he has a number of other options under review.

Obama has repeatedly shied away from deep U.S. involvement in the Syrian conflict, which erupted in 2011 and has killed an estimated 70,000 people and created more than 1.2 million refugees.

FOREIGN FIGHTERS

White House deputy spokesman Josh Earnest told reporters on Air Force One on Sunday that the White House was “horrified” by reports that more than 100 people were executed on May 2 in Baida, Syria.

State forces and militias loyal to Assad stormed the coastal village on Thursday and a pro-opposition monitoring group said many of those killed appeared to have been executed by shooting or stabbing.

McCain criticized Obama for failing to intervene to stop that massacre and for not acting when the chemical weapons red line was crossed.

Republican Representative Mike Rogers, chairman of the House Intelligence Committee, described the situation in the Middle East as “deteriorating by the day” because of the massive influx of foreign fighters pouring into Syria that could reach more than 10,000 this year.

“Hezbollah is now moving troops – Hezbollah troops, financed by Iran – across Syria. They’re engaged in the fight to protect the Assad regime,” Rogers said on CBS’s “Face the Nation.” “You have the al-Nusra Front, which is an al Qaeda front organization in the thousands showing up.”

He said all fighters were trying to get their hands on chemical weapons and more sophisticated conventional arms. In addition, refugees were fleeing the country and threatened to add more instability to the region.

“This is as bad a situation I have seen in a long time that has an opportunity to cascade,” Rogers said.

He said the United States needed to provide leadership through intelligence and training to the opposition, and work with the Arab League to help stabilize the situation in Syria.

(Reporting by Deborah Charles and Caren Bohan; Additional reporting by Roberta Rampton and Eric Beech; Editing by Eric Beech)

The Department’s Customs and Border Protection issued a memo ordering agents “effective immediately” to check all students against the Student and Exchange Visitor Information System database of international students and schools, according to an official who had seen the memo.

The department is under fire for not properly checking the student status of Azamat Tazhayakov, a friend of one of the bombing suspects, when he entered the country illegally on a student visa in January.

Tazhayakov, who had a student visa that was valid until August 30, 2013, was allowed into the United States on January 20, 2013, according to the Department of Homeland Security. Tazhayakov was one of three 19-year-old men charged this week with interfering with the investigation into last month’s bombing by hiding a backpack and fireworks found in the dorm room of bombing suspect Dzhokhar Tsarnaev.

The customs officer did not know that Tazhayakov, a classmate of Tsarnaev’s, had been dismissed from the University of Massachusetts, Dartmouth, for academic reasons on January 4, according to the department. A student visa is terminated when the student is dismissed from school or fails to enroll.

A U.S. official said the customs officer did not check the SEVIS database – which was updated when Tazhayakov was dismissed from the university – when Tazhayakov arrived in January. As a result, the officer allowed the Kazakh into the United States.

“DHS is reforming the student visa system to ensure that CBP is provided with real time updates on all relevant student visa information,” the Department of Homeland Security said in a statement obtained on Friday.

The department was created after the September 11, 2001, hijacked airliner attacks in part to fix problems in the immigration system that allowed the hijackers to enter the United States on student visas and learn to fly airplanes.

Senator Charles Grassley, an Iowa Republican, sent a letter to Homeland Security Secretary Janet Napolitano on Thursday demanding answers to questions about the student visas of Tazhayakov and Dias Kadyrbayev, another Kazakh man who was charged with interfering with the bombing investigation.

Grassley asked if Kadyrbayev was also in violation of his student visa. He said he wanted to know what the government was doing to ensure that individuals with student visas were not violating the requirements of those visas.

Authorities accuse Tsarnaev and his older brother of detonating two bombs at the Boston Marathon on April 15, killing three people and wounding 264.

Dzhokhar Tsarnaev, 19, was arrested on April 19 after a shootout with police in Watertown, Massachusetts, and charged with crimes that could bring the death penalty if he is convicted. His brother, Tamerlan Tsarnaev, 26, was killed in the shootout.

(Editing by Mohammad Zargham)

(Reuters) – Federal prosecutors filed criminal charges on Thursday against a Mississippi man, who worked as an Elvis impersonator, for threatening to harm President Barack Obama by sending him a letter that initially tested positive for the deadly poison ricin.

Paul Kevin Curtis, 45, was believed to have sent three letters, all with identical wording and type-written on yellow paper, to Obama, U.S. Senator Roger Wicker of Mississippi and Justice Court Judge Sadie Holland of Lee County, Mississippi.

The FBI confirmed the presence of ricin in the letters to Obama and Wicker, but said it is “not aware of any illness as a result of exposure to these letters.”

A criminal complaint filed in U.S. District Court for the Northern District of Mississippi charged Curtis with threatening to harm Obama and making other threats through the U.S. Postal Service.

If convicted, Curtis, of Corinth, Mississippi, faces maximum penalties of 15 years in prison and $500,000 in fines plus three years supervised release.

Wearing handcuffs and leg shackles, Curtis appeared in court in Oxford, Mississippi. Local media reported that he made no comments except to say “yes ma’am” when the judge asked if he understood what was happening. His lawyer told reporters outside the court that Curtis was not guilty.

The Oxford Eagle newspaper said the government was requesting that Curtis be held without bond because they believe he is a “danger to the community.”

Curtis struggled for years with mental illness and had stopped taking medication for a bipolar diagnosis, according to a statement from the Curtis family released on Thursday by Kevin Curtis’ lawyer.

The poison scare put Washington on edge the same week that bombings at the Boston Marathon killed three people and injured 176 on Monday, but the FBI said there was no indication the incidents were connected.

Though no new incidents were reported on Thursday, officials were jittery on Capitol Hill this week as several lawmakers reported receiving suspicious letters or packages. Law enforcement officials shut down parts of two Senate buildings on Wednesday in response to the suspicious items which proved harmless.

Senate Sergeant at Arms Terrance Gainer issued a statement on Wednesday urging caution and understanding “during this time of heightened alert.”

SAME THREATENING LETTER

According to an affidavit signed by FBI Special Agent Brandon Grant and Secret Service Special Agent Victor Dickerson, all three letters contained a “suspicious granular substance” and the same eight line threatening message:

“No one wanted to listen to me before.

There are still ‘Missing Pieces’

Maybe I have your attention now

Even if that means someone must die

This must stop.

To see a wrong and not expose it,

Is to become a silent partner to its continuance

I am KC and I approve this message.”

In September 2010, Curtis posted on his blog that he was writing a novel about black-market body parts titled “Missing Pieces.”

The letter to Wicker, which arrived at the Senate Mail Facility in Landover, Maryland, without a return address, was discovered on Tuesday.

Wicker told reporters he had hired Curtis once as an Elvis impersonator. “I have indeed met the gentleman before,” the Capitol Hill newspaper Roll Call cited Wicker as saying. “He’s an Elvis impersonator. He entertained at a party my wife and I helped give for a young couple that were getting married. Quite entertaining.”

The affidavit by the FBI and Secret Service agents said field tests of the suspicious substance in Wicker’s letter had given mixed results, but further testing by the Laboratory Response Network – set up to help ensure an effective laboratory response to bioterrorism – showed the substance was “highly reactive” for ricin.

Ricin is a lethal poison found naturally in castor beans, but it takes a deliberate act to convert it into a biological weapon. Ricin can cause death within 36 to 72 hours from exposure to an amount as small as a pinhead.

No known antidote exists and the affidavit said it is extremely difficult to detect as the cause of death.

There was another ricin scare at the U.S. Capitol in 2004, when tests showed positive on a letter in a Senate mail room that served the office of Bill Frist, a Tennessee Republican who was then Senate majority leader.

The affidavit said Curtis had previously sent multiple communications to Wicker’s office that included the phrase “this is Kevin Curtis and I approve this message”.

The letter to Obama was also found on Tuesday and a field test showed the substance was positive for ricin. There was no return address on the envelope which, like the others, was postmarked on April 8 in Memphis, Tennessee.

The letter to Holland contained a granular substance like the others, although that substance has not yet been tested. Her letter was the only one that was delivered; the two addressed to Obama and Wicker were stopped at outside mail facilities.

Police in Booneville, Mississippi said Curtis had been investigated on several occasions. The affidavit cited one instance in 2007 when his ex-wife said Curtis was “extremely delusional, anti-government and felt the government was spying on him with drones.”

(Writing by Deborah Charles; editing by Christopher Wilson)