President Obama stressed the need for the Senate to pass “comprehensive cybersecurity legislation” in an op-ed published hours after a revised cybersecurity bill was introduced in the Senate.
“We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared,” wrote Obama in the Wall Street Journal on Thursday.
“We need to make it easier for these companies—with reasonable liability protection—to share data and information with government when they’re attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks.”
The president has not always been kind to Congressional cybersecurity efforts: CISPA (Cyber Intelligence Sharing and Protection Act) passed the House in April despite a veto threat from Obama’s top advisors.
The Lieberman-Collins bill, named the Cybersecurity Act of 2012, was designed to beef up private business’ cybersecurity efforts and establish a process by which businesses and government agencies can share information about cyberthreats.
It was tied up in the Senate by bipartisan disagreement: many Democrats wanted to set federally-mandated cybersecurity standards for businesses deemed crucial to the national interest, while many Republicans dismissed that idea as overly burdensome on the private sector.
Privacy advocates also scoffed at the idea of putting a military or intelligence agency, such as the National Security Agency, at the helm of an information-sharing initiative.
The latest version of the Lieberman-Collins bill, introduced late Thursday, represents a compromise between the different camps. As written, the revised bill wouldn’t require businesses to meet cybersecurity standards, but rather allows them to opt-in to a voluntary self-certification process (critical infrastructure would, however, have to report any major cyberattack).
Standards for that process would be written by a “National Cybersecurity Council” that would be tasked with overseeing computer networks of critical infrastructure, such as power grids.
The Council would be led by the civilian Homeland Security Secretary. Membership would be granted to members of a wide array of public and private stakeholders, including the Pentagon, Justice Department, Department of Commerce and the intelligence community.
The bill includes several other changes designed to protect Internet users’ privacy, including a requirement that information shared under the program should be “reasonably necessary” to protect against a cyber threat and a stipulation that allows individuals to sue the government if it intentionally breaks the law through the program.
Those changes were welcomed by the Electronic Frontier Foundation, a leading Internet privacy advocacy group.
“[The revised bill] drastically improves upon the previous bill by addressing the most glaring privacy concerns,” reads an EFF blog post.
“We remain unpersuaded that any of the proposed cybersecurity measures are necessary and we still have concerns about certain sections of the bill, especially the sections on monitoring and countermeasures. But this was a big step in the direction of protecting online rights, and we wouldn’t be here without the support of Internet users contacting Congress in droves.”
The co-sponsors of the legislation stressed in a statement that the Cybersecurity Act of 2012 “does not affect copyrighted information on the internet and thus in no way resembles the Stop Online Piracy Act or the Protect Intellectual Property Act,” two bills that were defeated by an unprecedented tidal wave of opposition largely organized on the Internet.
Compromise efforts around Lieberman-Collins were spearheaded by Sens. Sheldon Whitehouse (D-R.I.) and Jon Kyl (R-Ariz.). Debate on the revised bill is expected to begin next week. Congressional leaders have stressed their desire to pass a cybersecurity bill before the end of the current term on Jan. 3.
Separate cybersecurity legislation, known as the Cyber Intelligence Sharing and Protection Act, passed in the House of Representatives in April despite a veto threat from top advisors to the president.
Read the full version of the Cybersecurity Act of 2012 right here.
Image courtesy of The White House
Related posts:
Views: 0