Citing Crisis, Senate Leader Puts Cybersecurity Bill On 2012 Agenda

Citing a looming crisis over lax computer security, Senate Majority Leader Harry Reid said on Wednesday that the Senate will debate cybersecurity legislation. The move comes despite the lack of a coherent Senate plan and could set up a showdown with House Republicans over the government’s role in forcing industry to strengthen cyber protections, according to a report by The Hill.

SenateCiting a looming crisis over lax computer security, Senate Majority Leader Harry Reid said on Wednesday that the Senate will debate cybersecurity legislation. The move comes despite the lack of a coherent Senate plan and could set up a showdown with House Republicans over the government’s role in forcing industry to strengthen cyber protections, according to a report by The Hill.

Reid sent a letter to Senate Minority Leader Mitch McConnell detailing plans to bring comprehensive cybersecurity legislation to the floor of the Senate for debate early in 2012. The move was greeted with approval by both Republican and Democratic members of the Senate Homeland Security and Governmental Affairs Committee.

“Every day Congress fails to strengthen the cyber security of the nation’s critical infrastructure is another day of unacceptable risk for our country. Hackers, criminals, and antagonistic foreign powers are maliciously probing our cyber defenses every day on an unprecedented scale, and it is no secret they have found our defenses to be vulnerable,” said the letter, which was signed by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn), Ranking Member Susan Collins (R-Maine) and Federal Financial Management Subcommittee Chairman Tom Carper (D-Del).

The move comes amid increasingly urgent warnings from Congress, which has worked without success to revamp the nation’s cyber security laws to address a new generation of sophisticated, nation-backed attacks on government networks and critical infrastructure. Government watchdogs like the Government Accountability Office (GAO) have been warning for years about the vulnerability of the nation’s critical infrastructure, including electricity distribution and energy, to cyber attack. GAO has also been critical of efforts by the government to unify its cyber security operations.
There were 20 cyber security related bills introduced in the Senate this year, and another 12 in the House. Though its not clear exactly what the bill taken up next year will look like, its likely to be similar to S 413, The Cybersecurity and Internet Freedom Act of 2011, which came out of the the Homeland Security and Governmental Affairs Committee in February with bipartisan support.

Capitol Hill watchers say that cybersecurity legislation may be one of a short list of issues that can find enough bipartisan support to pass Congress in an election year and get signed into law. Still, The Hill notes that there’s still plenty of daylight between the Senate’s plans and htose of the House, which tilts in the direction of industry self-regulation in all but a handful of cases and does not provide government regulators with tools (such as fines) to force compliance.

Suggested articles

Discussion

  • Anonymous on

    oh yeah this is just what we need. 

  • US jack on

    how bout a standardised model instead of the triad divided by pie slices of license largess all comprimised by the same bias of competitive leverages with extensional  architechtures as practiced the corperite logic being to always  layer inclined to the left to right scripts with encryptions easily isolated under high speed analysis, any characteristic anomalous easily picked off,,, more like energy may it be, than flooded amounts overwhelmingly absurd the pretend privacies also comprimised by less than science or form of state biz seal priority methodology, not hard ask rim or the navajo, deciding or script codex schemetic one at a time or by cut & paste template overlay now thats art, or is it work, manual control of signs uniquely every commercially comprimised  lot accessment tracked, hostile or servile is what yer actually alluding to, most being domestic, unless of horse apps of robotic, digatolisis or absent human aut

  • Anupam Rawla on

    While there are several cyber security legislations in force for U.S., these are largely focused on government/federally controlled national critical infrastructure systems. Besides, there are many legal ambiguities e.g. U.S. response to an incident. Also, given that 85% of critical infrastructure in U.S. is privately controlled, and lack of coordination between the private sector-government/agencies within the government, the raging debate amongst the politicians is that there is no legislation that addresses cyber security effectively and/or holistically.  But I don’t think legislation in itself can be a panacea or even straightforward to coin (50 odd bills have been proposed & sitting on the floor for sometime). Given that cyber criminality is a rapidly evolving game, with rise of malware, integration of mobile technology into critical information infrastructure and the cyber perpetrators can strike from difficult to track locations, I believe there is a dire need for private sector and the government to work cohesively. In addition to a strong legislation with penalties for breaches there needs to be incentives for the private sector on research and innovation. Look at some of the security incentives being proposed by industry groups: http://www.infosecurity-magazine.com/view/16494/industry-groups-back-incentives

    On the Canadian side we have similarities with the US in terms of the private sector sharing the responsibility for critical infrastructure, and over $90 million have been allocated for the cyber security strategy. An article published in Huffington post on May 26, 2011, Canada reflected quite a negative opinion: “Cyber Security: Canada Is Failing The World” http://www.huffingtonpost.ca/2011/05/26/cyber-security-canada-stephen-harper-g8_n_867136.html That is quite a dramatic opinion of the post. My opinion is that Canada has improved on many fronts both at a public sector and private sector level e.g. in a recent TELUS – Rotman study- Nov, 2011, the number of breaches and the cost of breaches has actually fallen compared to the previous year. Look at www.telus.com/securitystudy.   

    I think the private sector in Canada works much more cohesively with the government compared to the US. Having said that much more needs to be done – such as innovation/research by private sector should be incentivized by the government to get some real traction across the board on our cyber security strategy.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.