Senate Cybersecurity Bill Introduced

Sen. Lieberman warns of 9/11-type cyber attack if defenses are not strengthened
Author:
Publish date:

Saying it reflects input from companies and
telecommunications trade associations among many others -- The National Cable
& Telecommunications Association had no comment one way or the other -- a
number of senators led by Senate Commerce Committee Chairman Jay Rockefeller
(D-W. Va.) have introduced new cybersecurity
legislation.

Saying
"essential life services were at stake, Rockefeller and company introduced
the Cyber-security Act of 2012 (S. 2105),
which they were quick to point out bore no relation to antipiracy legislation
shot down in the last Congress. "The Senators stressed that the
Cyber-security Act of 2012 in no way resembles the Stop Online Piracy Act or
the Protect Intellectual Property Act, which involved the piracy of copyrighted
information on the internet," said Rockefeller's office in announcing the
bill.

"I
can't think of a more urgent issue facing this country," Rockefeller said in
announcing the bill.  "Hackers are stealing information from Fortune 500
companies, breaking into the networks of our government and security agencies
and toying with the networks that power our economy. The new frontier in the
war against terrorists is being fought online and this bill will level the
playing field. "

Sen.
Joe Lieberman of (I-Conn.) one of the bill's co-sponsors, took to the Senate
 floor to give a shout out to the bill, and the support of Sen. Harry Reid
(D-Nev.), who he said helped pull the bill together.

Lieberman
pointed to the $300 million the President's budget puts toward Cyber-security
efforts as a sign of the administration's commitment. He said the U.S. was being bled by cyber
thieves, while enemies were probing our cyber-defenses for weakness; defenses
he said were "blinking red." He warned of the potential of a
9/11-like cyber attack and called for passage before such an event happened.

Lieberman
says the bill does not have a "kill switch" that allows the President in an
emergency to take over the Internet and that nothing in the bill touches on the
Stop Online Piracy Act. He said there were still piracy concerns that needed to
be addressed.

According
to a summary, the bill would include requiring that:

1)
The Department of Homeland Security (DHS) assess the risks/vulnerabilities of
critical infrastructure -- which would obviously include broadband networks run
by cable and telephone companies -- to determine which of those should have to
meet a set of security standards.  Cable ops and others would have the right
to appeal a designation;

2)
DHS work with those owners/operators to develop "risk-based" network
performance requirements based ideally on current industry practices, which if
sufficient would require no new requirements;

3)
Owners of a "covered system" -- again, that would likely include
cable operators -- determine how best to meet whatever requirements were
needed, then prove it was meeting them, either through self-certification or an
outside assessment;

4)
Current industry regulators keep doing what they are doing in terms of
overseeing the relevant sector;

5)
Information be shared between/among the private sector and the federal
government about threats, best practices, and best fixes, "while maintaining
civil liberties and privacy;"

6)
DHS consolidate cybersecurity programs into a new National Center for Cybersecurity and
Communications;

7)
The government reform the Federal Information Security Management Act.

NCTA
has supported more coordination with government about cybersecurity attacks and
threats, and backed a House bill introduced in November 2011, the Cyber
Intelligence Sharing and Protection Act of 2011
,
that would increase info sharing while immunizing the private sector from
criminal or civil liability for using cybersecurity systems, sharing
information, or not acting on information obtained or shared. It even hosted a
coming out party for the bill at NCTA headquarters.

In
fact, NCTA has long argued for strong industry-government partnerships and the
ability for businesses to respond to online threats. The latter was one of the
cable industry's arguments in the network neutrality debate for the need for
flexible network management.

Related