Lawmakers are again trying to pass cyber security legislation that would formalize cooperation among businesses and the federal government to help better defend the nation's critical infrastructure.
On Wednesday, a group of seven Democratic senators, led by John Rockefeller IV, D-W.Va., introduced the Cybersecurity and American Cyber Competitiveness Act of 2013. The bill has been referred to committee for discussion and amendments before it returns to the Senate floor for a vote.
The language in the measure has not yet been firmed up, but it is expected to create mechanisms for threat information sharing, workforce development, risk assessment and identity theft prevention.
In November, the Senate struck down another largely Democratic-backed security bill, the Cybersecurity Act of 2012, in a 51-47 vote.
Democrats hope the new bill can gain bipartisan support by encouraging "collaboration" between the public and private sector, as opposed to requiring it.
Previous versions of the bill received criticism for the potential cost burden placed on businesses, particularly small companies, which would be forced to follow additional regulations that may not necessarily improve security. The bill also raised civil liberties concerns, as well as apprehension about the government having too much access to private companies' data.
Despite the objections, Ira Winkler, president of the Information Systems Security Association (ISSA), a nonprofit group of IT security professionals, told SCMagazine.com on Friday that Congress must act sooner or later.
“There's never been a perfect law written,” Winkler said. “But in the absence of a requirement, we have nothing. The law, as it is, is not going to be perfect. It will fall short of what is actually needed to achieve a good level of security. But what it will do is raise the bar, because right now there is no bar. Self-regulation has not worked.”