Senate intros revised security bill to appease privacy woes
A group of senators has introduced a revised version of a bipartisan, but largely Democratic-backed cyber security bill that members hope will enable information sharing while quelling privacy concerns.
The earlier version of the Cyber Security Act of 2012, introduced in February, tasked the U.S. Department of Homeland Security with regulatory oversight to assess the risks and vulnerabilities of critical infrastructure, such as the electric and nuclear power grid, water systems, and telephone and data communications systems, where a successful attack could have a massive public impact.
The latest proposal, which supporters want passed before the August recess, wouldn't force organizations to meet cyber security standards, but would instead incentivize them as part of a voluntary program under which they would have to prove they have met a series of security best practices. One of the co-sponsors, Sen. Joseph Lieberman, I-Conn., said the prior mark-up was stronger, but the new version will still lead to great strides in securing the nation's critical infrastructure.
"This compromise bill creates a public-private partnership to set cyber security standards for critical American infrastructure, and offers the reward of some immunity from liability to those who meet those standards," Lieberman said in a statement Thursday. "In other words, we are going to try carrots instead of sticks as we begin to improve our cyber defenses. This compromise bill will depend on incentives rather than mandatory regulations to strengthen America's cyber security."
The nonprofit Electronic Frontier Foundation (EFF), a staunch critic of the original version, said it was pleased with the privacy protections written into the current measure.
The EFF cited a number of concessions, including making data sharing with law enforcement mandatory only in specific and limited circumstances; preventing the possibility that shared information is used to prosecute crimes unrelated to computer offenses; and ensuring that information is shared with civilian government agencies, not entities like the National Security Agency.