Sens. Jay Rockefeller (D-W.V.), Dianne Feinstein (D-Calif.) and Tom Carper (D-Del.) have announced the introduction of the Cybersecurity and American Cyber Competitiveness Act of 2013, recommending that a combined public-private consensus be built to address the growing volume of threats to national security.
The bill outlines legislative intent, but does not provide specific solutions – and in that is less of a political minefield than its predecessor, the Cybersecurity Act of 2012, which was defeated last year by a Republican-led filibuster. Democrats have called for oversight and the beginnings of a regulatory framework for establishing baseline cyber-readiness for mission-critical infrastructure like water treatment facilities, nuclear power plants and more. Republicans, on the other hand, have refused to entertain placing actual restrictions around what private enterprise can and cannot do in that area, instead urging a voluntary set of recommendations along with better methods to share information.
The new bill was introduced in the spirit of working with both sides. "The new Congress has a real opportunity to reach needed consensus on bipartisan legislation that will strengthen our nation's cyber security," said Rockefeller. "Throughout my five years of work on cyber, our military and national security officials and our country's top business executives have made it abundantly clear that the serious threats to our country grow every day. The private sector and the government must work together to secure the networks that are vital to American businesses and communities.”
Adding fuel to the fire for getting something passed is the fact that US Defense Secretary Leon Panetta referred to a looming “cyber Pearl Harbor” in an address last year, setting off renewed fears of a cyber-warfare attack on critical infrastructure, particularly in light of the discovery of the Stuxnet worm and Flame virus, both believed to be state-sponsored, and both proven effective in taking a range of infrastructure targets in the Middle East offline, including a nuclear facility in Iran.
"The threat of a cyber attack is real, and it is growing," said Feinstein. "Congress must act soon to improve the government's ability to share and receive information on cyber attacks and threats with the private sector. Our national and economic security depends on robust information sharing, and I look forward to working with my colleagues again this Congress to develop strong incentives for this practice, coupled with the needed privacy protections."
Proponents of a Cybersecurity Act have suggested that work on the bill would be carried out in tandem with an executive order from the White House should the Republicans not come to the table. Jeffrey Ratner, senior adviser for cybersecurity on the Senate Homeland Security Committee, said right before the November election that “regardless of what happens on Tuesday, the executive order will move forward.”
Regardless, it’s clear that cybersecurity will be a priority for Congress in 2013. "The Internet touches the lives of everyone in American society on a daily basis," said Carper. "It's where we communicate, work, shop and bank. It also forms the backbone of key critical infrastructure, such as the electric grid, our water supply and our transportation networks. Given all that relies on a safe and secure Internet, it is vital that we do what's necessary to protect ourselves from hackers, cyber thieves and terrorists…Our nation cannot afford more delay on this issue. That's why I am committed to working with my colleagues on both sides of the aisle, the Administration and stakeholders to reach a solution as soon as possible."