Senate intros revised security bill to appease privacy woes

Share this article:

A group of senators has introduced a revised version of a bipartisan, but largely Democratic-backed cyber security bill that members hope will enable information sharing while quelling privacy concerns.

The earlier version of the Cyber Security Act of 2012, introduced in February, tasked the U.S. Department of Homeland Security with regulatory oversight to assess the risks and vulnerabilities of critical infrastructure, such as the electric and nuclear power grid, water systems, and telephone and data communications systems, where a successful attack could have a massive public impact.

The latest proposal, which supporters want passed before the August recess, wouldn't force organizations to meet cyber security standards, but instead incentivize them as part of a voluntary program under which they would have to prove they have met a series of security best practices. One of the co-sponsors, Sen. Joseph Lieberman, I-Conn., said the prior mark-up was stronger, but the new version will still lead to get strides in securing the nation's critical infrastructure.

“This compromise bill creates a public-private partnership to set cyber security standards for critical American infrastructure, and offers the reward of some immunity from liability to those who meet those standards," Lieberman said in a statement Thursday. "In other words, we are going to try carrots instead of sticks as we begin to improve our cyber defenses. This compromise bill will depend on incentives rather than mandatory regulations to strengthen America's cyber security."

The nonprofit Electronic Frontier Foundation (EFF), a staunch critic of the original version, said it was pleased with the privacy protections written into the current measure.

The EFF cited a number of concessions, including the proposal making data sharing with law enforcement only mandatory in specific and limited circumstances; preventing the possibility that information shared being used to prosecute crimes unrelated to computer offenses; and ensuring that information is shared with civilian government agencies, not entities like the National Security Agency.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.