Sen. John McCain (R-Ariz.) led a group of Republican senators Thursday in introducing the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), an alternative to legislation proposed by Democratic committee chairmen last month.
The Democratic proposal, which has some bipartisan support, would empower the Department of Homeland Security (DHS) to set up regulations for the companies owning or operating designated critical infrastructure to maintain cybersecurity safeguards. Under the act known as the Cybersecurity Act of 2012 (S 2105), companies would have responsibility for self-certifying their cybersecurity, perhaps through a third-party assessment.
By contrast, the SECURE IT Act would emphasize information-sharing only, encouraging the federal government and private industry to exchange information on cyberthreats and cyberattacks.
"The SECURE IT Act strengthens America's cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks. This legislation will help us begin to meet the very real threat of cyber attack," McCain said in a statement.
McCain was joined in introducing the legislation by Sens. Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.) and Richard Burr (R-NC).
The senators stressed that their bill would not require DHS to set up regulations, which they view as burdensome to business.
Hutchison said, "We are all in agreement that we need to make our nation's cybersecurity a top priority. I believe we have come up with a strong common sense approach that will help prevent the spread of cyberattacks from network to network and across the Internet, by removing barriers to sharing information about threats, attacks, and strategies for improvement. Our bill focuses on giving businesses the tools they need to protect themselves from the looming threat of cyber criminals, and increased requirements for notification of threats to federal agencies."
Chambliss added, "Now is not the time for Congress to be adding more government, more regulation, and more debt -- especially when it is far from clear that any of it will enhance our security. Our bill offers the right solution to improving our nation's cybersecurity by encouraging collaboration, investment, and innovation."
The bill intends to improve collaboration between the public and private sector by removing legal barriers and liabilities for information sharing. It would allow for expedited sharing of information through private sector channels that companies currently use to communicate with government, the senators said. It also would require federal contractors who provide telecommunications and cybersecurity services to report cyberthreat information pertaining to their services.
The bill would update the Federal Information Security Management Act (FISMA) while maintaining the current roles of the Department of Commerce and the National Institute of Standards and Technology (NIST) to promulgate standards to private business, the senators said. In other words, it would sidestep providing such authority to DHS.
The bill also would toughen criminal statutes for cybercrime and build up existing programs in cybersecurity research and development.
The sponsors of the Cybersecurity Act -- Joseph Lieberman (I-Conn.) along with Susan Collins (R-Maine), Jay Rockefeller (D-WV) and Dianne Feinstein (D-Calif.)-- released a statement welcoming the debate between their measures.
"We are encouraged by our colleagues' recognition that we must act to address the increasingly sophisticated and dangerous attacks on our national infrastructure. We can no longer delay action on deciding how to deal with this critical issue and we are eager to work with them to bring comprehensive cyber security legislation to the Senator floor as soon as possible," they said.
However, they collectively wrote to Senate Majority Leader Harry Reid (D-Nev.) and Minority Leader Mitch McConnell (R-Ky.) Wednesday to press for rapid consideration of their bill.
"We are being attacked in cyberspace now and we need to respond now," they wrote. "Our enemies would enthusiastically welcome us to further postpone this bill in the name of even more 'process.' But after years of work to develop legislation on this pressing problem, the time has come to make the hard choices on how we are going to defend our nation's security from cyberattacks. We can no longer delay action on deciding how to deal with this critical issue and reiterate our request that you bring comprehensive cybersecurity legislation to the Senate floor as soon as possible."
The senators cited extensive deliberations on previous cybersecurity bills and detailed how their bill responded to concerns by amending the authority it would grant to the president and providing the private sector with the means to certify its own cybersecurity posture.
The Democratic proposal, which has some bipartisan support, would empower the Department of Homeland Security (DHS) to set up regulations for the companies owning or operating designated critical infrastructure to maintain cybersecurity safeguards. Under the act known as the Cybersecurity Act of 2012 (S 2105), companies would have responsibility for self-certifying their cybersecurity, perhaps through a third-party assessment.
By contrast, the SECURE IT Act would emphasize information-sharing only, encouraging the federal government and private industry to exchange information on cyberthreats and cyberattacks.
"The SECURE IT Act strengthens America's cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks. This legislation will help us begin to meet the very real threat of cyber attack," McCain said in a statement.
McCain was joined in introducing the legislation by Sens. Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.) and Richard Burr (R-NC).
The senators stressed that their bill would not require DHS to set up regulations, which they view as burdensome to business.
Hutchison said, "We are all in agreement that we need to make our nation's cybersecurity a top priority. I believe we have come up with a strong common sense approach that will help prevent the spread of cyberattacks from network to network and across the Internet, by removing barriers to sharing information about threats, attacks, and strategies for improvement. Our bill focuses on giving businesses the tools they need to protect themselves from the looming threat of cyber criminals, and increased requirements for notification of threats to federal agencies."
Chambliss added, "Now is not the time for Congress to be adding more government, more regulation, and more debt -- especially when it is far from clear that any of it will enhance our security. Our bill offers the right solution to improving our nation's cybersecurity by encouraging collaboration, investment, and innovation."
The bill intends to improve collaboration between the public and private sector by removing legal barriers and liabilities for information sharing. It would allow for expedited sharing of information through private sector channels that companies currently use to communicate with government, the senators said. It also would require federal contractors who provide telecommunications and cybersecurity services to report cyberthreat information pertaining to their services.
The bill would update the Federal Information Security Management Act (FISMA) while maintaining the current roles of the Department of Commerce and the National Institute of Standards and Technology (NIST) to promulgate standards to private business, the senators said. In other words, it would sidestep providing such authority to DHS.
The bill also would toughen criminal statutes for cybercrime and build up existing programs in cybersecurity research and development.
The sponsors of the Cybersecurity Act -- Joseph Lieberman (I-Conn.) along with Susan Collins (R-Maine), Jay Rockefeller (D-WV) and Dianne Feinstein (D-Calif.)-- released a statement welcoming the debate between their measures.
"We are encouraged by our colleagues' recognition that we must act to address the increasingly sophisticated and dangerous attacks on our national infrastructure. We can no longer delay action on deciding how to deal with this critical issue and we are eager to work with them to bring comprehensive cyber security legislation to the Senator floor as soon as possible," they said.
However, they collectively wrote to Senate Majority Leader Harry Reid (D-Nev.) and Minority Leader Mitch McConnell (R-Ky.) Wednesday to press for rapid consideration of their bill.
"We are being attacked in cyberspace now and we need to respond now," they wrote. "Our enemies would enthusiastically welcome us to further postpone this bill in the name of even more 'process.' But after years of work to develop legislation on this pressing problem, the time has come to make the hard choices on how we are going to defend our nation's security from cyberattacks. We can no longer delay action on deciding how to deal with this critical issue and reiterate our request that you bring comprehensive cybersecurity legislation to the Senate floor as soon as possible."
The senators cited extensive deliberations on previous cybersecurity bills and detailed how their bill responded to concerns by amending the authority it would grant to the president and providing the private sector with the means to certify its own cybersecurity posture.
0 comments:
Post a Comment