GOP Senators revise cybersecurity bill
New version of SECURE IT takes less regulatory approach than Democratic-backed Cybersecurity Act, sponsors say
Computerworld - A group of Republican senators on Wednesday introduced a revised version of a previously proposed bill that seeks to enhance cybersecurrity by improving the sharing of information between private industry and government.
The new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT) is being put forth as a less regulatory alternative to another Senate bill, the Cybersecurity Act, which was introduced earlier this year by Senate Democrats.
The main difference between the two bills is that, unlike the Democratic version, the Republican version does not give any new regulatory authority to the federal government to set cybersecurity standards. The new version of SECURE IT also restricts the purposes for which government can retain and use information about cyberthreats.
SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.
Security experts believe that such information-sharing is vital to combating cyberattacks. The bill will also encourage investment in tools and training for preventing and remediating cyberattacks.
In addition, SECURE IT seeks to strengthen criminal statutes against cybercrime and will require federal contractors to notify their government customers of any security incidents affecting their services.
Many of the objectives are similar to those proposed in the Cybersecurity Act. What's different is that SECURE IT does not give the government any new regulatory authority.
The Democratic bill gives the U.S. Department of Homeland Security the right to evaluate the security practices of enterprises that operate components of the nation's critical infrastructure. It would require operators that are found deficient in their security practices to work with the DHS to remedy the situation.
With SECURE IT, the focus is more on deterrence rather than regulation, according to a statement that the senators who sponsored the bill issued on Wednesday.
"I have no faith that federal regulators should take the lead on cybersecurity," Sen. Johnson said in the statement. "The regulatory process simply cannot keep up with the rapid pace of technology. Rather than try to impose a comprehensive approach, we need to take this one step at a time -- building confidence between government and the private sector, and ensuring protections for civil liberties."
The revised version of SECURE IT tightens up the definition of cyberthreat information. It also spells out the responsibilities of government organizations and industry stakeholders when sharing information about cyberthreats.
It includes language aimed at ensuring that federal agencies adopt and update security tools for combating cyberthreats. "The surest and quickest way to improve cybersecurity in this country is to leverage the capabilities and flexibility of the private sector instead of creating costly layers of government bureaucracy," Sen. Coats said in the statement.
House lawmakers passed their version of a similar information-sharing bill (H.R. 3523) in April. That bill, called the Cyber Intelligence Sharing and Protection Act (CISPA), attracted considerable criticism from privacy advocates and others, who fear it will eviscerate privacy rights.
President Obama has threatened to veto any cybersecurity bill that has the provisions that CISPA has.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His email address is firstname.lastname@example.org.
- Cyberattacks could paralyze U.S., former defense chief warns
- Security Manager's Journal: Thousands of dollars in phone calls? Management hates that.
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Target attack shows danger of remotely accessible HVAC systems
- U.S. is investigating Target data breach, AG Holder says
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts