As expected, a new Republican-backed cybersecurity bill emphasizes industry self-regulation, in collaboration and communication with government, rather than having the Department of Homeland Security come up with "risk-based" performance requirements for networks, as a Senate Democrat-backed bill introduced last month would do.
"Rather than arming Homeland Security with expansive new regulatory authority over every sector of our economy," said Senator Lisa Murkowski (R-Alaska) Thursday, "the SECURE IT cyber bill we've introduced today emphasizes a partnership approach between the government and private entities. By focusing on those areas like information sharing where bipartisan agreement is achievable, we can tackle the cyber issue in a meaningful and constructive way."
"Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers' wallets close," said co-sponsor Senator Charles Grassley (R-Iowa).
"We are glad to see other senators recognize the severity of this threat and the need to protect the country's infrastructure from malicious and dangerous cyber-attacks," said Vincent Morris, communications director of the Democrat-led Senate Commerce Committee -- chairman Jay Rockefeller (D-W. Va.) sponsored the Democratic cybersecurity bill. "We're still convinced that you can't get there without some new rules but we're eager for the debate to begin," said Morris.
According to its sponsors, the SECURE IT Act would:
- "Improve cybersecurity by collaborating with industry and eliminating barriers to enhanced information sharing.
- Create expedited information sharing for private sector using existing structures and reporting relationships.
- Require federal contractors who provide telecommunications or cybersecurity services for the federal government to report to the government cyber threat information related to those services.
- Strengthen criminal statutes for cybercrimes.
- Update the Federal Information Security Management Act (FISMA) and preserve the roles of the National Institute of Standards and Technology (NIST) and the Department of Commerce in disseminating security standards for the federal government.
- Leverage and strengthen existing programs in cybersecurity research and development."
To compare it with the Democratic version, click here.