Cybersecurity bill passes first hurdle

Computerworld - A closely watched bill that promises to introduce some major changes on the federal cybersecurity front was approved by the Senate Commerce Committee today just days after it was introduced by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine).

The proposed legislation is called the Cybersecurity Act (S.773) and is a revised version of a bill that was originally introduced by the two Senators last year.

It seeks to improve national cybersecurity preparedness by fostering a closer collaboration between the government and private sector companies, which own a vast portion of the country's critical infrastructure.

The bill would require the President to work with owners of critical infrastructure systems to identify and properly classify IT systems whose disruption would threaten strategic national interests.

It would also require federal agencies that are involved in cybersecurity, to share information with private sector operators of critical infrastructure networks.

The bill contains several provisions designed to encourage the growth of a trained and certified cybersecurity workforce, promote public awareness of cybersecurity issues and to foster and fund research leading to the development of new security technologies.

If passed, the bill would require agency heads to provide information on their cybersecurity workforce plans including recruitment, hiring and training details.

But s controversial provision in the original bill that would have given the president near complete authority to disconnect private and government networks from the Internet in the event of a cyber emergency has been removed in the new version of the bill.

Instead, the revised bill calls for the President to work with key executive in critical infrastructure industries to formulate an appropriate response in a cyber crisis.

The smooth passage of the bill through the Senate Commerce Committee is a sign of the broad bi-partisan support that the bill has garnered so far. Many see the legislation as vital to building the capabilities needed to respond to the array of cyber threats facing government, critical infrastructure and private industry these days.

In a statement, Mike Bregman, Symantec Corp.'s chief technology officer, lauded the passage of the bill out of committee. "The bill recognizes cybersecurity as a share, public/private collaboration, led by private sector innovation and based on market-driven incentives," Bregman said.

The bill comes amid heightened concern in Washington over the recent attacks against Google and dozens of other high-tech companies apparently by operatives based in China.

The attacks have prompted calls for the U.S. to develop a formal cybersecurity strategy that is focused on shoring up defenses while building out a cyber offensive capabilities.

The Rockerfeller-Snowe legislation is one of two major bills that have been proposed in Congress recently. The other bill is called the International Cybercrime Reporting and Cooperation Act, and is sponsored by Sens. Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT).

The bill, introduced in the Senate earlier this week, seeks to curtail aid, financial help and trade programs with countries that are seen as havens for cybercriminals. It has already garnered industry support from the likes of American Express, Mastercard, Visa , eBay, Facebook, Microsoft and Cisco, Gillibrand's office said.

Meanwhile, a separate proposal is being floated among lawmakers and the U.S. State Department for the creation of an ambassador-level position for negotiating cyber-security matters at the United Nations and for ensuring the country has a consistent international policy on the issue.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.