Skip to: Content
Skip to: Site Navigation
Skip to: Search


Cybersecurity: Does Senate deal on legislation compromise defenses?

Cybersecurity hawks agreed to voluntary measures instead of government mandates. Privacy advocates are pleased, but others say compromise bill doesn't protect vital national assets. 

By Staff writer / July 20, 2012



In a desperate bid to get a cybersecurity bill passed before Congress adjourns in August, Senate hawks seeking to protect vital national assets like the power grid blinked – offering up compromise legislation that substitutes voluntary measures for government mandates.

Skip to next paragraph

Under the compromise, unveiled late Thursday, operators of gas pipelines, refineries, water supply systems and other physical assets vital to modern life in the US would voluntarily submit their computer networks to testing by the Department of Homeland Security. In return, they would get protection from financial liability in case of a devastating cyberattack.

Key to the revamped version of the Cybersecurity Act is a public-private partnership – a multi-agency National Cybersecurity Council – chaired by the secretary of Homeland Security. It would assess risks and vulnerabilities, but allow industry to recommend voluntary practices to deal with cyberthreats.

Standards would be reviewed, modified or approved by the council. Industry could also show their systems to be secure through self-certification or third-party assessment. The companies would then be eligible for liability protection.

"We are going to try carrots instead of sticks as we begin to improve our cyberdefenses," Sen. Joe Lieberman (I) of Connecticut, a co-sponsor of the legislation, said in a statement. "This compromise bill will depend on incentives rather than mandatory regulations to improve America's cybersecurity. If that doesn't work, a future Congress will undoubtedly come back and adopt a more coercive system."

While he acknowledged the bill previously introduced in February by himself and Sen. Susan Collins (R) of Maine "is stronger," Lieberman said the new "compromise will significantly strengthen the cybersecurity of the nation’s most critical infrastructure and with it our national and economic security."

But others said the compromise Cybersecurity Act – which is aimed at wooing votes away from an all-volunteer cybersecurity bill offered by Sen. John McCain – is now too weak to truly protect the nation's key computer networks, because it's voluntary.

"The best thing you can say about this new bill is that it doesn't do much harm – but it also doesn't make things any better," says James Lewis, a cybersecurity expert with the Center for Strategic and International Studies in Washington. "There are no new authorities and everything in the bill could already be done under an executive order."

Permissions

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!