Cybersecurity bill would create costly regulations, say critics
Some Republican senators and the Chamber of Commerce call for the Senate to slow down its efforts to pass a new bill
IDG News Service - Leaders in the U.S. Senate are trying to fast-track new cybersecurity legislation that will create costly new regulations for some businesses, some critics said Thursday.
A plan by Senate Democrats to move the Cybersecurity Act, introduced this week, directly to the Senate floor for a vote raises serious questions about the process and will lead to bureaucrats at the U.S. Department of Homeland Security writing regulations for businesses that control critical infrastructure, said Senator John McCain, an Arizona Republican, during a hearing on the bill.
The Cybersecurity Act, introduced Tuesday by four senators, would allow DHS to "promulgate prescriptive regulations on American businesses," McCain said. "The regulations that would be created under this bill authority would stymie job creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates."
The wide-ranging bill would require operators of so-called critical infrastructure networks to adopt cybersecurity practices if evaluations by DHS find their security lacking. The legislation would cover operators of systems that, if compromised, would cause mass death, evacuation or major damage to the U.S. economy.
The bill would allow owners of critical infrastructure systems to decide how best to meet the performance standards developed in cooperation with DHS.
McCain was among seven Republican senators who, in a Tuesday letter to Senate leadership, called for multiple hearings on the legislation. The Senate needs to have a serious discussion about whether DHS is the best agency to protect the U.S. against cyberattacks or whether the Department of Defense or National Security Agency might be better suited, McCain said.
Thomas Ridge, chairman of the National Security Task Force at the U.S. Chamber of Commerce and a former U.S. secretary of homeland security, also voiced opposition to the bill during the hearing, before the Senate Homeland Security and Governmental Affairs Committee. The bill doesn't appear to have a limit on what businesses DHS can designate as critical infrastructure, he said.
Cybersecurity mandates may not be effective, Ridge added. "Frankly, the attackers and the technology move a lot faster than any regulatory body or political body will ever be able to move," he said.
But supporters of the bill argued that new cybersecurity measures are needed. Lawmakers have been working on a comprehensive cybersecurity bill for years, and this legislation is a product of dozens of past hearings and meetings between lawmakers and business leaders, said Senator Joe Lieberman, a Connecticut independent and sponsor of the bill.
While critics call for delays, cyberthieves are looting U.S. businesses and government agencies, added Senator Susan Collins, a Maine Republican and co-sponsor. Sponsors made several changes to the bill in response to concerns from the Chamber of Commerce, she said.
"This bill is urgent," Collins said. "We can't wait to act. We cannot wait until our country has a catastrophic cyberattack."
Janet Napolitano, current secretary at DHS, and Stewart Baker, a former official at DHS and the NSA, both voiced support for the bill.
Although some critics have called for a stripped-down bill that deals mainly with security efforts at government agencies, "now is not the time for half-measures," Napolitano said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is email@example.com.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Gov't Legislation/Regulation White Papers | Webcasts