McCain, GOP Leaders Intro Cybersecurity Bill Alternative
The Republican-proposed SECURE IT Act presents a much narrower vision than bipartisan comprehensive cybersecurity measure, adding no regulations and limiting focus to voluntary sharing of information about threats.
Thu, March 01, 2012
CIO — WASHINGTON -- A group of Republican senators on Thursday introduced cybersecurity legislation that they positioned as a far more limited alternative to the comprehensive, bipartisan bill introduced last month.
The so-called SECURE IT Actbacked by eight ranking members on various Senate committees and subcommittees that claim jurisdiction over some aspect of cybersecuritywould focus narrowly on provisions to facilitate the sharing of information about cyber threats, while avoiding the expanded regulatory oversight and compliance mandates provided for in the competing bill.
"The centerpiece of this legislation is a framework for voluntary information sharing," Sen. John McCain (R-Ariz.), the ranking member of the Armed Services Committee, said at a news conference announcing the bill. "In setting forth our information sharing framework we do not create any new bureaucracy. The goal is simple: to remove hurdles that prevent important information from being shared with the people who need it most."
McCain first signaled his intent to bring forward a GOP-backed bill last month at a hearing of the Homeland Security and Governmental Affairs Committee, on which he also serves. Joe Lieberman (I-Conn.), the chairman of that panel, along with Ranking Member Susan Collins (R-Maine) and two other Democrats had recently introduced their own bill, the Cybersecurity Act of 2012, that takes a far more sweeping approach, vesting the Department of Homeland Security with new authorities over private-sector networks, among other provisions.
McCain, a longtime critic of DHS, particularly in the context of cybersecurity oversight, blasted the Lieberman-Collins bill for expanding the regulatory authority of an agency that he has argued is struggling to fulfill its current mission.
The competing visions for cybersecurity reform both start from the consensus view that the status quo is insufficient to defend against the very real and dangerous threat of cyber attacks that could target critical infrastructure such as the systems that power electrical grids, financial exchanges or telecommunications networks. As a political matter, that starting point is no longer controversial.
"All of us understand the challenge, that we need to improve the current state of cybersecurity in this country," McCain said, citing a 2011 report (available in PDF format here) from the Government Accountability Office estimating that the volume of cyber attacks had increased 650 percent in the preceding five years. Even his 2008 presidential campaign operation came under attack by hackers, McCain said, "which means that they must have exhausted most of their other options." President Obama has said that his campaign was attacked as well.