GOP Senators revise cybersecurity bill
New version of SECURE IT takes less regulatory approach than Democratic-backed Cybersecurity Act, sponsors say
Computerworld - A group of Republican senators on Wednesday introduced a revised version of a previously proposed bill that seeks to enhance cybersecurity by improving the sharing of information between private industry and government.
The new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT) is being put forth as a less regulatory alternative to another Senate bill, the Cybersecurity Act, which was introduced earlier this year by Senate Democrats.
The main difference between the two bills is that, unlike the Democratic version, the Republican version does not give any new regulatory authority to the federal government to set cybersecurity standards. The new version of SECURE IT also restricts the purposes for which government can retain and use information about cyberthreats.
SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.
Security experts believe that such information-sharing is vital to combating cyberattacks. The bill will also encourage investment in tools and training for preventing and remediating cyberattacks.
In addition, SECURE IT seeks to strengthen criminal statutes against cybercrime and will require federal contractors to notify their government customers of any security incidents affecting their services.
Many of the objectives are similar to those proposed in the Cybersecurity Act. What's different is that SECURE IT does not give the government any new regulatory authority.
The Democratic bill gives the U.S. Department of Homeland Security the right to evaluate the security practices of enterprises that operate components of the nation's critical infrastructure. It would require operators that are found deficient in their security practices to work with the DHS to remedy the situation.
With SECURE IT, the focus is more on deterrence than on regulation, according to a statement that the senators who sponsored the bill issued on Wednesday.
"I have no faith that federal regulators should take the lead on cybersecurity," Sen. Johnson said in the statement. "The regulatory process simply cannot keep up with the rapid pace of technology. Rather than try to impose a comprehensive approach, we need to take this one step at a time -- building confidence between government and the private sector, and ensuring protections for civil liberties."
The revised version of SECURE IT tightens up the definition of cyberthreat information. It also spells out the responsibilities of government organizations and industry stakeholders when sharing information about cyberthreats.
It includes language aimed at ensuring that federal agencies adopt and update security tools for combating cyberthreats. "The surest and quickest way to improve cybersecurity in this country is to leverage the capabilities and flexibility of the private sector instead of creating costly layers of government bureaucracy," Sen. Coats said in the statement.
House lawmakers passed their version of a similar information-sharing bill (H.R. 3523) in April. That bill, called the Cyber Intelligence Sharing and Protection Act (CISPA), attracted considerable criticism from privacy advocates and others, who fear it will eviscerate privacy rights.
President Obama has threatened to veto any cybersecurity bill that has the provisions that CISPA has.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.