Senators Unveil Cybersecurity Bill to Empower Homeland Security
After years of deliberations and several false starts, a bipartisan group of lawmakers introduces a cybersecurity overhaul that would authorize the Department of Homeland Security to oversee security at critical infrastructure providers and improve the system of sharing information about threats.
Wed, February 15, 2012
CIO — A bipartisan group of senators representing three committees on Tuesday introduced long-awaited cybersecurity legislation, a comprehensive bill that would give the Department of Homeland Security new authorities over critical private-sector infrastructure and seek to encourage the sharing of information about threats and attacks between government and industry.
The Cybersecurity Act of 2012 would direct the Department of Homeland Security to work in concert with industry members and relevant government agencies to conduct a series of risk assessments and determine which private-sector firms would be deemed to operate "covered critical infrastructure," a crucial designation that would determine whether a private-sector entity could be subjected to new regulatory oversight.
The bill lays out a set of broad guidelines for DHS to use in its evaluations. A covered critical infrastructure provider would be an entity on which a cyber attack could result in "the interruption of life-sustaining services" such as energy or transportation that could cause massive casualties or widespread evacuations, or cause "catastrophic economic damage to the United States" or "severe degradation of national security or national security capabilities."
Avoiding 'Cyber 9/11'
Sen. Joe Lieberman (I-Conn.), one of the bill's sponsors, took to the Senate floor on Tuesday to make an urgent case that a comprehensive overhaul of the nation's cybersecurity regime is needed to avert a "cyber 9/11."
"The aim of this bill is to make sure that we don't scramble here in Congress after such an attack to do what we can and should do today," said Lieberman, who chairs the Homeland Security and Governmental Affairs Committee. "The fact is that our cyber defenses are not what they should be, but such as they are, they are blinking red."
Joining Lieberman as original sponsors of the bill were Susan Collins (Maine), the ranking Republican on the homeland security panel, Commerce Committee Chairman John Rockefeller (D-W.V.) and Dianne Feinstein (D-Calif.), who chairs the Select Committee on Intelligence.
The bill is the product of some three years of active work to draft legislation that achieves an update and expansion of federal regulatory authorities to deal with the modern threat landscape and the increasing digitization of vital systems, such as the electrical grid and financial services, without overreaching and saddling private operators with a burdensome compliance mandate.
It hasn't been an easy balance to strike. Various legislative proposals have drawn sharp criticism from industry groups for the new regulations they would create and from digital rights groups for potential privacy intrusions, while the now-discarded idea of giving the president expanded authorities to shut down networked systems in the event of a major cyber attack proved a lightning rod for criticism. That so-called "kill switch" provision was interpreted by opponents to mean that the president would have the unchecked authority to shut down the Internet after declaring a state of cyber emergency. Lieberman sought to defuse that charge as he introduced the new legislation.