Senate Cybersecurity Bill Introduced

Sen. Lieberman warns of 9/11-type cyber attack if defenses are not strengthened

By John Eggerton -- Broadcasting & Cable, 2/14/2012 3:15:41 PM

Saying it reflects input from companies and telecommunications trade associations among many others -- The National Cable & Telecommunications Association had no comment one way or the other -- a number of senators led by Senate Commerce Committee Chairman Jay Rockefeller (D-W. Va.) have introduced new cybersecurity legislation.

Saying "essential life services were at stake, Rockefeller and company introduced the Cyber-security Act of 2012 (S. 2105), which they were quick to point out bore no relation to antipiracy legislation shot down in the last Congress. "The Senators stressed that the Cyber-security Act of 2012 in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act, which involved the piracy of copyrighted information on the internet," said Rockefeller's office in announcing the bill.

"I can't think of a more urgent issue facing this country," Rockefeller said in announcing the bill.  "Hackers are stealing information from Fortune 500 companies, breaking into the networks of our government and security agencies and toying with the networks that power our economy. The new frontier in the war against terrorists is being fought online and this bill will level the playing field. "

Sen. Joe Lieberman of (I-Conn.) one of the bill's co-sponsors, took to the Senate  floor to give a shout out to the bill, and the support of Sen. Harry Reid (D-Nev.), who he said helped pull the bill together.

Lieberman pointed to the $300 million the President's budget puts toward Cyber-security efforts as a sign of the administration's commitment. He said the U.S. was being bled by cyber thieves, while enemies were probing our cyber-defenses for weakness; defenses he said were "blinking red." He warned of the potential of a 9/11-like cyber attack and called for passage before such an event happened.

Lieberman says the bill does not have a "kill switch" that allows the President in an emergency to take over the Internet and that nothing in the bill touches on the Stop Online Piracy Act. He said there were still piracy concerns that needed to be addressed.

According to a summary, the bill would include requiring that:

1) The Department of Homeland Security (DHS) assess the risks/vulnerabilities of critical infrastructure -- which would obviously include broadband networks run by cable and telephone companies -- to determine which of those should have to meet a set of security standards.  Cable ops and others would have the right to appeal a designation;

2) DHS work with those owners/operators to develop "risk-based" network performance requirements based ideally on current industry practices, which if sufficient would require no new requirements;

3) Owners of a "covered system" -- again, that would likely include cable operators -- determine how best to meet whatever requirements were needed, then prove it was meeting them, either through self-certification or an outside assessment;

4) Current industry regulators keep doing what they are doing in terms of overseeing the relevant sector;

5) Information be shared between/among the private sector and the federal government about threats, best practices, and best fixes, "while maintaining civil liberties and privacy;"

6) DHS consolidate cybersecurity programs into a new National Center for Cybersecurity and Communications;

7) The government reform the Federal Information Security Management Act.

NCTA has supported more coordination with government about cybersecurity attacks and threats, and backed a House bill introduced in November 2011, the Cyber Intelligence Sharing and Protection Act of 2011, that would increase info sharing while immunizing the private sector from criminal or civil liability for using cybersecurity systems, sharing information, or not acting on information obtained or shared. It even hosted a coming out party for the bill at NCTA headquarters.

In fact, NCTA has long argued for strong industry-government partnerships and the ability for businesses to respond to online threats. The latter was one of the cable industry's arguments in the network neutrality debate for the need for flexible network management.