Senate Pledges Cybersecurity Focus

Bill directs Congress to come up with a bipartisan solution

By John Eggerton -- Broadcasting & Cable, 1/23/2013 2:49:25 PM

Senate Democrats are staking out cybersecurity as a priority for this Congress after Congress failed last session to compromise on legislation to address a growing threat both sides acknowledge.

Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.) has introduced a bill, S. 21, which essentially declares that the Congress should take bipartisan legislative action on cybersecurity. If past is prologue, it will be easier said than done.

Generally speaking, the initial bills in a new Senate session serve to stake out the majority leaders' legislative priorities.

S. 21, the Cybersecurity and American Cyber Competitiveness Act of 2013, is essentially a statement of principal and an outline for hoped-for action.

The bill tees up the cybersecurity issue as one of serious threats to the U.S. economy and security and the solution as coming from "a new model of public-private collaboration, which fits the realities of the 21st century."

Republicans and Democrats were not able to compromise on a bill in the last Congress. The House passed a version that emphasized information sharing and insulating businesses from liability for that sharing. Democrats in the Senate wanted voluntary cyberprotection standards, but Republicans saw those as morphing into government dictates.

The bill includes a "sense of the Senate" portion that calls for a bipartisan bill 1) enhancing security and resiliency, 2) creating mechanisms for sharing cyberthreat info; 3) improving risk assessment; 4) promting research and development; 5) promoting training; 6) mitigating identity theft; 7) enhancing diplomacy; 8) expanding investigational tools; 9) protecting privacy.

"Throughout my five years of work on cyber, our military and national security officials and our country's top business executives have made it abundantly clear that the serious threats to our country grow every day," said Rockefeller. "The private sector and the government must work together to secure the networks that are vital to American businesses and communities. It is a priority this year to act on comprehensive cybersecurity legislation.

In a press conference Wednesday, Greg Walden (R-Ore.), chair of the House Communications Subcommittee, said the message he drew from three cybersecurity hearings he held in the last Congress was "first do no harm; don't overregulate." He said he thought the House bill had found "the right spot" going forward, with its emphasis on information sharing. "When you get too prescriptive, the bad guys know what the good guys are held accountable to, then they figure a way around it."

He said it was "a delicate area, but a serious one," and that he continued to have conversations with the heads of the relevant committees.

The President has threatened to issue an executive order on voluntary cybersecurity standards. Walden said that Congress' response to that would be limited, but added that he hoped the President would "hold off on that" and work with Congress to find common ground. He also said it was incumbent upon those about to be regulated by that executive order "to make their views known."