With the Senate on Tuesday afternoon set to begin discussions on a proposed cyber security bill, lawmakers are racing to include their own revisions.
The Cybersecurity Act of 2012 -- which has received blessing from the White House -- would incentivize critical infrastructure operators through a voluntary program under which they would have to prove they have met a series of security best practices. The bill was re-introduced earlier this month to include privacy concessions that helped to largely appease some critics, including the internet civil liberties group Electronic Frontier Foundation.
But a number of lawmakers want to add their two cents to a bill that seems to have the momentum that many prior cyber security measures have lacked. That includes a group of senators led by John McCain, R-Ariz., whose competing Strengthening and Enhancing Cyber Security by Using Research, Education, Information and Technology (SECURE IT) Act would allow companies to legally share data gathered from their networks with other companies, law enforcement agents and government agencies in order to enhance cyber protections. Unlike the Cybersecurity Act, SECURE IT, which is favored by businesses, is mostly focused on the information sharing aspect and lacks standards that must be met.
Meanwhile, Sen. Patrick Leahy, D-Vt., the upper chamber's Judiciary Committee chairman, wants to include an amendment that would require organizations that have been breached to alert victims. Leahy, who has been pushing for this for several years, believes a national law should replace the existing assortment of state notification rules.
Leahy's amendments also include a requirement that companies keeping databases that store personal information must implement privacy and security programs to lessen the risk of breaches.
Leahy and Sens. Al Franken, D-Minn., and Ron Wyden, D-Ore., also plan to file privacy amendments, which include provisions that limit the rights of companies to monitor communications, and require that police obtain search warrants before accessing private data on emails, mobile devices and computers.
The Senate may vote on the measure this week. Then, it would to go to the House, where it likely would be reconciled with the already-approved, but controversial Cyber Intelligence and Sharing Protection Act (CISPA).