Cybersecurity: Does Senate deal on legislation compromise defenses?

The power grid near Albuquerque, N.M., provides power to Sandia National laboratory, which overseas nuclear weapons research, and Kirkland Air Force Base, which has advanced weapons. Both would go dark without the grid – as would the bulk of US military bases – making the grid a prime target. Will cybersecurity measures for such areas be voluntary or mandatory, Mr. Lewis wonders?

The only chance now to give the bill teeth, he says, is to amend it when it reaches the Senate floor to make it stronger, and add some mandates. But there will also be a big countervailing push to further dilute the compromise bill, he acknowledges.

"The problem is that the incentives the bill offers just aren't enough," he says. "If you sign up for this approach, then the Department of Homeland Security can inspect your networks. If you don't' sign up they can't. Why would anyone sign?"

Privacy advocates, however, cheered the updated bill, which includes retooled language on information sharing between private industry and government. The key, they said, was that information from private industry would be handled by civilian rather than military authorities.

"These new and revised provisions go a long way toward alleviating our concerns about the threats the cybersecurity legislation posed to our fundamental constitutional rights," Sharon Bradford Franklin, senior policy counsel at the Constitution Project, said in a statement. The Constitution Project is a cyberprivacy group based in Washington.

Information shared for cybersecurity reasons would be limited and could not be used for unrelated law enforcement or other purposes.

"The information-sharing provisions of this bill are now not only better than earlier versions offered in the Senate, but are vastly superior to those in the Cyber Intelligence Sharing and Protection Act (CISPA) passed earlier this year in the House," Ms. Bradford Franklin said.

A cybersecurity oped article by President Obama appeared on the Wall Street Journal online website a few hours after the compromise was unveiled. Some news reports took that to mean the White House backs the compromise bill – although there was no explicit statement about it in the article. Mr. Obama has previously staunchly supported the Cybersecurity Act's earlier mandatory approach.

"The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements," the president wrote. "It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries."

Previous

1 | 2