Senate Panel Passes Cybersecurity Bill
Creating Voluntary IT Security Best Practices for Industry
Bipartisanship, a rare commodity in Congress, surfaced in the Senate Commerce Committee, which approved by a voice vote cybersecurity legislation that codifies President Obama's cybersecurity framework.
That framework would create IT security best practices that the owners of the mostly privately held critical infrastructure could voluntarily adopt. The framework is being written by a government-industry team led by the National Institute of Standards and Technology, which the Senate panel oversees [see NIST Unveils Draft of Cybersecurity Framework].
Technically, the bill sponsored by committee Chairman Jay Rockefeller, D-W.Va., and ranking member John Thune, R-S.D., goes to the Senate for consideration. But if precedent is followed, their bill could be merged with other cybersecurity measures that should emanate from other committees, such as a still-to-be-drafted measure from the Senate Homeland Security and Governmental Affairs Committee to reform the Federal Information Security Management Act, the law that governs federal government IT security, as well as legislation to foster cyberthreat information sharing between the government and industry.
Building Momentum
"Sen. Thune and I reached strong bipartisan consensus with the Cybersecurity Act that was passed out of committee today," Rockefeller, D-W.Va., said in a statement issued after the bill's passage on July 30. "I'm confident that others will follow our lead and develop their own bipartisan bills with key elements, including information sharing, that will complement our work to help strengthen and improve our economic and national security. Now that the Commerce Committee has passed its bill, we've got to build on today's momentum and get it to the floor."
Besides the framework, the bill addresses cybertraining, education and awareness.
Congress hasn't enacted significant cybersecurity legislation in a decade. Last year, a comprehensive cybersecurity bill couldn't muster enough votes to overcome a Senate filibuster [see Senate, Again, Fails to Halt Filibuster]. Congress' failure to enact cybersecurity legislation led President Obama to issue in February an executive order calling for the creation of the framework and the promotion of cyberthreat information sharing [see Obama Issues Cybersecurity Executive Order].
Senate Playing Catch-Up
The House has been more active than the Senate on the cybersecurity legislative front. In April, the House passed legislation to reform FISMA as well as advance cybersecurity research and development [see FISMA Reform Passes House on 416-0 Vote].
Also in April, a House panel passed the Cyber Intelligence Sharing and Protection Act, which aims to create a mechanism for the government and industry to share cyberthreat information [see CISPA Clears House Intelligence Panel]. Obama has threatened to veto that bill unless it's modified to strengthen and safeguard privacy and civil liberties, preserve long-standing roles of civilian and intelligence agencies and provide for appropriate sharing with targeted liability protections [see White House Threatens CISPA Veto, Again].