Sponsors of a cybersecurity bill -- three Democrats, one Republican and an
independent -- have introduced a compromise version they concede is weaker than
their original bill, but say they need to get something passed. The days are
dwindling until Congress exits to get itself re-elected.

The bill would establish a multiagency National Cybersecurity Council to assess
critical infrastructure, but would allow private industry to develop and
recommend voluntary cybersecurity practices and standards for approval by the
council. Originally the Department of Homeland Security would have been charged
with enforcing the standards, which did not sit well with some industry players.

The standards and practices would be part of a voluntary program, but those who did
not volunteer would not get the benefits of liability protection -- something
Cable ISPs definitely want -- expedited security clearances and priority help
with cybersecurity problems.

The bill's sponsors are Commerce Committee Chairman Jay Rockefeller IV (D-W.Va.),
Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman
(ID-Conn.), Susan Collins (R-Maine), Select Intelligence Committee Chairman
Dianne Feinstein (D-Calif.), and Federal Financial Management Subcommittee
Chairman Tom Carper (D-Del.).

They concede the bill is not as "strong," but they say legislation is
urgently needed and so have offered up what they say is "a good faith
effort to secure enough votes to address the immediate threat of attack from
foreign nations, 'hacktivists,' criminals, and terrorists against the nation's
most critical cyber systems."

Highlights of the bill, according to the Senate Commerce Committee:
Creates no new regulators and provides no new authority for an agency to adopt
standards that are not otherwise authorized by law. Current industry
regulators would continue to oversee their industry sectors.
Permits information-sharing among the private sector and the federal government
to share threats, incidents, best practices, and fixes, while preserving the
civil liberties and privacy of users.
Requires designated critical infrastructure -- those systems which if attacked
could cause catastrophic consequences -- to report significant cyber incidents.
Requires the government to improve the security of federal civilian cyber
networks through reform of the Federal Information Security Management Act.

What the bill does not do, the committee takes pains to point out, is affect
copyrighted information, and so "in no way resembles the Stop Online
Piracy Act or the Protect Intellectual Property Act." Any suggestion of a return
of legislation related to SOPA/PIPA gets an immediate rise out of Silicon
Valley, as witness the creation this week of the Internet