Senate Compromise Cybersecurity Bill Offered Up

Senate sponsors of a cybersecurity bill -- three Democrats, one Republican and an independent -- have introduced a compromise version they concede is weaker than their original bill, but say they need to get something passed. The days are dwindling until Congress exits to get itself re-elected.

The bill would establish a multiagency National Cybersecurity Council to assess critical infrastructure, but would allow private industry to develop and recommend voluntary cybersecurity practices and standards for approval by the council. Originally the Department of Homeland Security would have been charged with enforcing the standards, which did not sit well with some industry players and Republicans.

The standards and practices would be part of a voluntary program, but those who did not volunteer would not get the benefits of liability protection -- something cable ISPs definitely want -- expedited security clearances and priority help with cybersecurity problems.

The bill's sponsors are Commerce Committee Chairman Jay Rockefeller IV (D-W.Va.), Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn.), Susan Collins (R-Maine), Select Intelligence Committee Chairman Dianne Feinstein (D-Calif.), and Federal Financial Management Subcommittee Chairman Tom Carper (D-Del.).

They concede the bill is not as "strong," but they say legislation is urgently needed and so have offered up what they say is "a good faith effort to secure enough votes to address the immediate threat of attack from foreign nations, 'hacktivists,' criminals, and terrorists against the nation's most critical cyber systems."

Other highlights of the bill, according to the Senate Commerce Committee:

* Creates no new regulators and provides no new authority for an agency to adopt standards that are not otherwise authorized by law. Current industry regulators would continue to oversee their industry sectors.

* Permits information-sharing among the private sector and the federal government to share threats, incidents, best practices, and fixes, while preserving the civil liberties and privacy of users.

* Requires designated critical infrastructure -- those systems which if attacked could cause catastrophic consequences -- to report significant cyber incidents.

* Requires the government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.

What the bill does not do, the committee takes pains to point out, is affect copyrighted information, and so "in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act." Any suggestion of a return of legislation related to SOPA/PIPA gets an immediate rise out of Silicon Valley, as witness the creation this week of the Internet Defense League.