Senate Democrats are staking out cybersecurity
as a priority for this Congress after Congress failed last session to
compromise on legislation to address a growing threat both sides acknowledge.
Senate
Commerce Committee Chairman Jay Rockefeller (D-W.Va.) has introduced a bill, S.
21, which essentially declares that the Congress should take bipartisan
legislative action on cybersecurity. If past is prologue, it will be easier
said than done.
Generally
speaking, the initial bills in a new Senate session serve to stake out the
majority leaders' legislative priorities.
S.
21, the Cybersecurity and American Cyber Competitiveness Act of 2013,
is essentially a statement of principal and an outline for hoped-for action.
The
bill tees up the cybersecurity issue as one of serious threats to the U.S. economy and security
and the solution as coming from "a new model of public-private
collaboration, which fits the realities of the 21st century."
Republicans
and Democrats were not able to compromise on a bill in the last Congress.
The House passed a version that emphasized information sharing and insulating
businesses from liability for that sharing. Democrats in the Senate wanted
voluntary cyberprotection standards, but Republicans saw those as morphing into
government dictates.
The
bill includes a "sense of the Senate" portion that calls for a
bipartisan bill 1) enhancing security and resiliency, 2) creating mechanisms
for sharing cyberthreat info; 3) improving risk assessment; 4) promting
research and development; 5) promoting training; 6) mitigating identity theft;
7) enhancing diplomacy; 8) expanding investigational tools; 9) protecting
privacy.
"Throughout
my five years of work on cyber, our military and national security officials
and our country's top business executives have made it abundantly clear that
the serious threats to our country grow every day," said Rockefeller.
"The private sector and the government must work together to secure the
networks that are vital to American businesses and communities. It is a
priority this year to act on comprehensive cybersecurity legislation.
In
a press conference Wednesday, Greg Walden (R-Ore.), chair of the House
Communications Subcommittee, said the message he drew from three cybersecurity
hearings he held in the last Congress was "first do no harm; don't
overregulate." He said he thought the House bill had found "the right
spot" going forward, with its emphasis on information sharing. "When
you get too prescriptive, the bad guys know what the good guys are held
accountable to, then they figure a way around it."
He
said it was "a delicate area, but a serious one," and that he
continued to have conversations with the heads of the relevant committees.
The
President has threatened to issue an executive order on voluntary cybersecurity
standards. Walden said that Congress' response to that would be limited, but
added that he hoped the President would "hold off on that" and work
with Congress to find common ground. He also said it was incumbent upon those
about to be regulated by that executive order "to make their views known."
