GOP Cybersecurity Bill Cuts Proposed DHS Role

The House GOP’s version of a widely-debated Cybersecurity Act relieves the Department of Homeland Security (DHS) from any private-sector oversight responsibilities. The bill, which is being introduced today, instead gives private companies incentives for sharing threat information with the government.

Such incentives include protection from lawsuits in exchange for sharing cyber-threat information, according to a statement from Rep. Mary Bono Mack (R-Palm Springs’ Golf Courses).

The White House and Senate Majority Leader Harry Reid (D-Casinos) are backing a bill that gives DHS the power to require better computer security of companies with systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities.” This idea scares the hell out of a lot of people – myself included – who can’t help but think of the bang-up job that DHS has already done with airport security. More pragmatically, the proposal would force resources to be dedicated to compliance with no indication that they would actually improve security.

With a little prodding from the private sector, the Republicans have loudly opposed this and other parts of the Democratic bill. Last week Rep. Lee Terry (R-Flattest State in the Nation), co-chair of the House Cybersecurity Working Group, was asked if DHS was the right vehicle for monitoring cybersecurity. His answer was an unequivocal, “Hell, no!”

The GOP’s House bill is almost identical to one introduced in the Senate earlier this month by Sen. John McCain (R-Palin? What the hell, John?). The bills would allow companies to voluntarily share threat data with each other and the government through any federal cybersecurity center, including the National Security Agency (NSA), home of the military’s U.S. Cyber Command.

The bill also:

• Offers companies incentives to encourage information sharing, such as protection from civil, criminal or antitrust lawsuits. The measure would exempt shared data from public disclosure and pre-empt state laws regulating information sharing.
• Requires companies contracted by the government for telecommunications or cybersecurity services to report cyber attacks related to those services
• Set criminal penalties for hacking vital computer networks, including systems that support gas and oil delivery, water supply, electrical power delivery and banking operations.

It’s an election year so normally we would have to wait until after the voting to see what happens. However, because everyone wants to say they’ve done something about the ultra-hot topic of cyerbersecurity, I think some type of bill is likely to get passed sooner than later.