The revised bill would also add privacy protections for consumers and expand information sharing on cybersecurity between the government and private firms. The changes are intended to persuade Senate Republicans to support the bill.
The modified bill would set voluntary, outcome-based cybersecurity best practices and encourage adoption by the private sector through incentives. The private sector would develop and recommended the cybersecurity best practices, which would be approved by a new interagency National Cybersecurity Council chaired by the secretary of homeland security.
The bill would establish a voluntary cybersecurity program for critical infrastructure operators, who could join the program by showing either through self-certification or a third-party assessment that they were employing cybersecurity best practices. Operators that qualify for the program would be eligible for liability protections, expedited security clearances, and priority assistance on cybersecurity issues.
"While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation's most critical infrastructure and with it our national and economic security”, said Sen. Joseph Lieberman (I-Conn.), one of the sponsors of the bill. Other sponsors include Sen. Susan Collins (R-Maine), Sen. Jay Rockefeller (D-W.Va.), Sen. Dianne Feinstein (D-Calif.), and Sen. Tom Carper (D-Del.).