The bill, the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), places more emphasis on information sharing than regulation to improve the cybersecurity of private industry, particularly critical infrastructure. If nothing else, the bill differs in the verbosity of its title compared to the tersely titled Cybersecurity Act pushed by the Senate Democratic leadership.
According to a press release issued by McCain, the SECURE IT would improve cybersecurity by eliminating barriers to enhanced public-private information sharing and create expedited information sharing using existing structures and reporting relationships; require federal contractors who provide IT services for the federal government to report cyber threat information related to those services; strengthen criminal statutes for cyber crimes; update the Federal Information Security Management Act and preserve the roles of the National Institute of Standards and Technology and the Department of Commerce in disseminating security standards for the federal government; and strengthen existing programs in cybersecurity research and development.
Last week, McCain blasted the Senate Democratic leadership for trying to rush the Cybersecurity Act to the Senate floor for a vote. The Cybersecurity Act, introduced by a group of senators that includes at least one Republican and a Democrat turned Independent, was supposed to have the fast track to the Senate floor. Among other provisions, the Cybersecurity Act would give the Department of Homeland security the authority to oversee the cybersecurity of private sector critical infrastructure.
US trade groups appear to be supportive of the Republican alternative, although TechAmerica, an high-tech trade association, just wants a bill that can actually get passed and enacted. In a statement, TechAmerica encouraged the Republicans and Democrats “to work together to create the best possible, bipartisan framework to enhance our nation’s cybersecurity.” In particular, TechAmerica wants a national data breach notification law to override the myriad of state laws now in place.