
Senate Compromise Cybersecurity Bill Offered Up

Sponsors of a cybersecurity bill -- three Democrats, one Republican and an
independent -- have introduced a compromise version they concede is weaker than
their original bill, but say they need to get something passed. The days are
dwindling until Congress exits to get itself re-elected.

The bill would establish a multiagency National Cybersecurity Council to assess
critical infrastructure, but would allow private industry to develop and
recommend voluntary cybersecurity practices and standards for approval by the
council. Originally the Department of Homeland Security would have been charged
with enforcing the standards, which did not sit well with some industry players
and Republicans.

Standards and practices would be part of a voluntary program, but those who did
not volunteer would not get the benefits of liability protection -- something
cable ISPs definitely want -- expedited security clearances and priority help
with cybersecurity problems.

The bill's sponsors are Commerce Committee Chairman Jay Rockefeller IV (D-W.Va.),
Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman
(ID-Conn.), Susan Collins (R-Maine), Select Intelligence Committee Chairman
Dianne Feinstein (D-Calif.), and Federal Financial Management Subcommittee
Chairman Tom Carper (D-Del.).

They concede the bill is not as "strong," but they say legislation is
urgently needed and so have offered up what they say is "a good faith
effort to secure enough votes to address the immediate threat of attack from
foreign nations, 'hacktivists,' criminals, and terrorists against the nation's
most critical cyber systems."

Highlights of the bill, according to the Senate Commerce Committee:

  • Creates no new regulators and provides no new authority for an agency to
    adopt standards that are not otherwise authorized by law. Current industry
    regulators would continue to oversee their industry sectors.
  • Permits information-sharing among the private sector and the federal government
    to share threats, incidents, best practices, and fixes, while preserving the
    civil liberties and privacy of users.
  • Requires designated critical infrastructure -- those systems which if attacked
    could cause catastrophic consequences -- to report significant cyber incidents.
  • Requires the government to improve the security of federal civilian cyber
    networks through reform of the Federal Information Security Management Act.

What the bill does not do, the committee takes pains to point out, is affect
copyrighted information, and so "in no way resembles the Stop Online
Piracy Act or the Protect Intellectual Property Act." Any suggestion of a return
of legislation related to SOPA/PIPA gets an immediate rise out of Silicon
Valley, as witness the creation this week of the Internet Defense League.