Senate introduces sweeping cybersecurity bill

(from left) Carper, Lieberman, and Collins (Image courtesy of Senate Committee on Homeland Security & Governmental Affairs)
(from left) Carper, Lieberman, and Collins (Image courtesy of Senate Committee on Homeland Security & Governmental Affairs)

Flanked by Susan Collins (R-ME) and Tom Carper (D-DE), the independent senator from Connecticut outlined key points of a long-anticipated bill that would, among other items, provide the president with emergency powers to shut down networks in case of a cyberattack against critical infrastructure networks.

“The internet may have started out as a communications oddity some 40 years ago, but it is now clearly a necessity of modern life, and sadly, one that it constantly under attack”, Lieberman said during a press conference announcing the bill. “And that’s why we are here, because we believe it must be secure.”

Reviewing all the threats the US moved to address since the 9/11 terrorist attacks, Senator Collins contends the topic of internet security has received the least attention. “There is, perhaps, no greater vulnerability we have yet to address than that of securing cyberspace”, she said. “We cannot afford to wait for a cyber 9/11 before our government realizes the importance of protecting our cyber resources. It’s not a matter of if an attack will occur, but when.”

The Protecting Cyberspace as a National Asset Act of 2010, its rather cumbersome official title, would establish an Office of Cyber Policy within the executive branch while creating a director position responsible for advising the president in establishing national cyberspace policy. It also provides for a new National Center for Cybersecurity and Communications (NCCC) within the Department of Homeland Security, led by a separate director “who would enforce cybersecurity policies throughout the government and the private sector”, according to a Committee press statement.

The bill would also reintroduce presidential authority to take “emergency measures” in the event that critical infrastructure networks are being exploited, or are about to face attack. This version of the bill would require the president to notify Congress in advance of exercising such emergency authority over CI networks, with this power limited to 30 days unless the president requests an extension. The statement makes clear that this “does not authorize the government to ‘take over’ private networks.”

Also included in the legislative proposal is the transition of FISMA development, oversight, and enforcement throughout the federal government from the Office of Management and Budget to the newly created NCCC. Further, it proposes to use the government’s bulk purchasing power to enforce certain security standards among the software it purchases from third-party vendors.

Lieberman called this a “national asset act” for short, highlighting the fact that the internet and cyberspace touch nearly every part of our modern lives.

“For all of its user-friendly allure, the internet can also be a dangerous place, with electronic pipelines that run directly into everything from our personal bank accounts, to key infrastructure and industrial secrets”, noted the senator. “Our economic security, our national security, our public safety are all at risk as a result.”

The NCCC, as the bill’s sponsor sees it, would be responsible for coordinating the cyberdefense efforts currently being carried out separately by public and private sector organizations, while also establishing “a baseline set of security requirements” for all organizations responsible for CI networks. Citing the opinion of DHS, Lieberman said that with CI data flowing through private networks, attacks against the private sector leave the nation vulnerable to an attack that could cripple the our economy. “[The] legislation therefore would give the Department of Homeland Security the authority to ensure that our nation’s most critical infrastructure is protected from cyberattack. That will only be successful if industry and government are working together”.

What’s Hot on Infosecurity Magazine?