Warning of “cyber mayhem” sweeping the country, leaders of the Senate Homeland Security, Intelligence, and Commerce committees on Tuesday introduced long-expected legislation designed to streamline government efforts to combat cyberthreats.
The Cybersecurity Act of 2012 (S. 2105) would be a major step toward increased government oversight of some private networks like electric grids, water systems, or transportation, which could be at risk of cyberattacks.
“This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation’s enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles,” said one of the bill’s sponsors, Senate Homeland Security Chairman Joe Lieberman, ID-Conn., in a statement.
The bill would direct the Homeland Security Department to assess and determine which industries to classify as “critical infrastructure.” If selected, those industries would be required to meet a minimum level of security, which would be developed by the companies and the agency.
Loss of critical infrastructure is defined as damage that would cause “severe degradation of national security, catastrophic economic damage, or the interruption of life-sustaining services” leading to mass casualties or evacuations. Supporters of the bill are quick to point out that the legislation would not put Homeland Security in charge of actually protecting private networks.
If companies meet the designated level of security and still fall victim to a cyberattack, the bill would grant them liability protection.
Under the bill, all of Homeland Security’s cybersecurity efforts would be consolidated in a new National Center for Cybersecurity and Communications. The legislation would also seek to increase information-sharing between the government and private businesses, provide a new program for research and development, and increase standards for federal networks.
Not included in the proposal is a single clearinghouse for information shared by the government and businesses. Other bills introduced in the House, for example, would create a quasi-governmental organization to oversee the information.
The Senate bill, however, would direct leaders of several departments to eventually designate a government agency to coordinate information. That proposal comes from Senate Intelligence Chairwoman Dianne Feinstein, D-Calif., who outlined the plan on Monday.
The bill also doesn’t include a so-called Internet “kill switch,” which would have given the president emergency authority over parts of the Internet in case of a major attack. That provision was dropped from proposals last year after vehement opposition from Internet-freedom advocates.
President Obama and leaders in the Senate, House, and businesses have all called for swift passage of cybersecurity legislation. The Senate bill introduced on Tuesday won praise from other members of Congress in both chambers as well as some business groups, but there may be storm clouds ahead.
Civil-liberties groups complain the bill could undermine some privacy protections. The bill as written would allow the information shared during cybersecurity investigations to be used for other criminal cases. At a Capitol Hill briefing last week, the Center for Democracy and Technology’s Gregory Nojeim said privacy concerns over such provisions are one issue that could cause the Internet community to revolt in a way similar to the protests that targeted controversial antipiracy legislation in January.
This article appears in the Feb. 15, 2012, edition of National Journal Daily.