Senate intros revised security bill to appease privacy woes


But the EFF said the measure in its current form contains broad language that lets companies cite security as a reason to engage in "nearly unlimited" data monitoring of users. The EFF said it wants the legislation to be more specific in certain areas.

In summary, the Cyber Security Act of 2012, which may be taken up as early as this week, would:

  • Establish a multi-agency National Cybersecurity Council -- chaired by the Secretary of Homeland Security -- to lead cybersecurity efforts, including assessing the risks and vulnerabilities of critical infrastructure systems.

  • Allow private industry groups to develop and recommend to the council voluntary cyber security practices to mitigate identified cyber risks. The standards would be reviewed and approved, modified or supplemented as necessary by the council to address the risks.

  • Allow owners of critical infrastructure to participate in a voluntary cyber security program. Owners could join the program by showing either through self-certification or a third-party assessment that they are meeting the voluntary cyber security practices. Owners who join the program would be eligible for benefits including liability protections, expedited security clearances, and priority assistance on cyber issues.

  • Create no new regulators and provide no new authority for an agency to adopt standards that are not otherwise authorized by law. Current industry regulators would continue to oversee their industry sectors.

  • Permit the private sector and the federal government to share information on threats, incidents, best practices, and fixes, while preserving the civil liberties and privacy of users.

  • Require designated critical infrastructure -- those systems which, if attacked, could cause catastrophic consequences -- to report significant cyber incidents.

  • Require the government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.

President Obama is encouraging Congress to pass the proposed bill, according to an op-ed that appeared in Friday's The Wall Street Journal.

"We need to make it easier for the government to share threat information so critical infrastructure companies are better prepared," Obama wrote. "We need to make it easier for these companies -- with reasonable liability protection -- to share data and information with government when they're attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks."
