Share & Connect
The Cybersecurity Act of 2012 was originally introduced into the Senate on Feb. 12, “To enhance the security and resiliency of the cyber and communications infrastructure of the United States.” On July 19, Senators Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) reintroduced a revised version of the legislation for consideration in the Senate, expected to reach the floor sometime this week.
The revised bill has been praised for addressing privacy concerns raised by the American Civil Liberties Union and the Center for Democracy and Technology, such as the bill’s provisions that ensure information is passed onto civilian government agencies instead of military agencies. It also allows individuals to pursue litigation if the use of their information violates the law, a notably absent provision in CISPA.
The legislation also incorporates narrowed language regarding its provisions to create a National Cybersecurity Council from existing members of the Departments of Defense, Justice and Commerce in collaboration with members of the intelligence community and federal agencies. Authors of the bill also included a new section on “incentivizing the adoption of voluntary cybersecurity practices” by providing protection for “owners of critical infrastructure” who meet the standards of cybersecurity practices, as determined by the Council.
Unlike previous pieces of legislation geared towards cybersecurity, CSA has the White House’s approval. In a July 19 op-ed published in the Wall Street Journal, President Obama urged the U.S. Congress to pass the Act, citing a serious need for comprehensive cybersecurity legislation to avoid being compromised.
“It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home,” Mr. Obama wrote. “This is the future we have to avoid.”
However, organizations like the Heritage Foundation and the Electronic Frontier Foundation still have reservations about the bill’s language regarding monitoring and countermeasures. The EFF raises concerns that, “the bill specifically authorizes companies to use cybersecurity as an excuse for engaging in nearly unlimited monitoring of user data,” which the organization finds especially broad and susceptible to administrative abuse.
Similarly, the Heritage Foundation finds the revised legislation still provides, “far too great an intrusive federal role in defining cybersecurity standards.” Instead, Heritage calls for the legislation to prohibit, “any effort to create a new regulatory system for cybersecurity.”
With the bill reaching the Senate floor this week, the amendments in place may or may not remain in their current form, but will hopefully fulfill Mr. Obama’s words:
“It’s time to strengthen our defenses against growing danger.”