Lawmakers on Wednesday introduced in the U.S. Senate a revised draft of the Cybersecurity Act, striking out a controversial clause that would have given the president power to shut down the internet.
Originally introduced in April of 2009 by Sen. John (Jay) Rockefeller IV, D-W.Va., and Sen. Olympia Snowe, R-Maine, the bill is designed to address the nation’s vulnerability to cybercrime, global espionage and digital attacks.
The proposed “Rockefeller-Snowe” legislation has undergone four revisions so far. The newest draft, which takes into account suggestions from cybersecurity experts in government, the private sector and the civil liberties community, includes two new provisions and five revised ones.
An earlier version of the bill garnered criticism because it contained a provision that would have allowed the president to declare a cybersecurity emergency and order the shutdown of internet traffic to and from any compromised federal government or critical infrastructure information system. The revised bill would require the president to collaborate with critical infrastructure owners to develop cybersecurity emergency response plans, the bill states. The president’s declaration of a cybersecurity emergency would trigger the implementation of these plans.
“This 21st century threat calls for a robust 21st century response from our government, our private sector and our citizens,” Rockefeller said in a statement released Wednesday. “Private companies and the government must work together to protect our nation, our networks and our way of life from the growing cyberthreat.”
In addition, the revised Cybersecurity Act explicitly states that it “does not authorize, and shall not be construed to authorize, an expansion of existing presidential authorities.”
A new provision of the proposed law would require the president, in collaboration with critical infrastructure owners, to identify specific IT systems whose infiltration or disruption “would threaten a strategic national interests,” according to an explanation of the revised bill. The other new provision would require the president to provide security clearances to private sector owners and operators of critical infrastructure systems so they can receive classified threat information.
“The networks that American families and businesses rely on for basic day-to-day activities are being hacked and attacked every day,” Rockefeller said. “At this very moment, sophisticated cyberenemies are trying to steal our identities, our money, our business innovations, and our national security secrets.”
In addition, the bill would create a public-private information sharing clearinghouse so government and private officials can exchange threat and vulnerability information.
The revised bill would also require the president to collaborate with critical infrastructure companies to identify the best cybersecurity training programs and best practices for IT products and services. It would require those companies to comply with the standards and report the results of independent audits of their compliance.