A bipartisan group of Senators introduced the Cybersecurity Act of 2012 yesterday. The bill aims to secure federal and private sector networks that provide essential services or that are deemed “critical” to the nation in some other way.
According to a Homeland Security and Government Affairs Committee press release, the Cybersecurity Act of 2012 seeks to establish a public-private partnership to secure systems that, if overtaken or destroyed altogether, could cause “mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.”
Not included in the bill are controversial provisions from a previous version of the bill that would grant the president emergency authorities and create a special White House cybersecurity office.
The bill was introduced by Homeland Security and Governmental Affairs Committee (HSGAC) Chairman Joe Lieberman (I-CT), Ranking Member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-Ca).
Despite a rancorous political climate, there is consensus on Capitol Hill that some cybersecurity bill is necessary. But partisan differences flared even on legislation with bipartisan support. On the same day that the bill was introduced, a number of prominent Republican Senators, John McCain among them, signed a letter to Senate Majority Leader Harry Reid and Minority Leader Mitch McConnell, requesting that other relevant committees be given the opportunity to review and revise the bill before it goes to a vote.
Specifically, the bill would require that the DHS assess risks and vulnerabilities in critical infrastructure systems and determine if those systems should be required to meet certain risk-based security standards. Owners of such systems would be given the opportunity to appeal DHS decisions if they believe their systems were wrongly designated.
As for compliance, the owners of designated systems would have the choice of being regulated by a third-party assessor or they could choose to assess their own systems and self-certify.
“This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles,” Lieberman said in the statement. “The nation responded after 9/11 to improve its security. Now we must respond to this challenge so that a cyber 9/11 attack on America never happens.”
In the statement, the HSGAC is careful to make clear the Cybersecurity Act of 2012 is in no way related to and in no way resembles the Stop Online Piracy Act (SOPA), a controversial anti-piracy legislation that was shelved following a wide-ranging and heavily publicized online protest.