Legislative movement is afoot in both houses of Congress to give the federal government greater authority to require and control cyber security measures in critical private sector industries. As much as 85 percent of “critical infrastructure” (power plants, dams, the electricity grid, banking networks, etc.) is owned by the private sector and many are at risk. Just in the past six months, there have been numerous high-profile events, such as the hacking by Anonymous into an FBI/Scotland Yard call, that have brought this issue to the forefront.
Things are further along on the House side, where two bills are currently under consideration. The House Select Committee on Intelligence produced H.R. 3523; the other, H.R. 3674, has a mnemonic name (the PRECISE Act – Promoting and Enhancing Cyber Security and Information Sharing Effectiveness Act), and has bipartisan support in the House Homeland Security Committee. What is interesting about this piece of legislation is that it gives the private sector more insight on threats and allows for information sharing that goes beyond what we typically think of as “critical infrastructure.” There is a very good summary of the primary elements of both these bills by Paul Rosenzweig on the Lawfare blog of Harvard Law School.
On the Senate side, while there are bills that have been introduced, work is under way to create a single bill that would combine elements of all of them, possibly including language on cybercrime reporting and information sharing. As Rosenzweig writes, “About the only certain thing is that the question of cyber security is likely to set a new world record for competing bills with bipartisan co-sponsors. Everyone agrees the problem is important – they just don’t agree at all on what to do about it.”
While there is no clear picture of what the final cyber security bill will look like, there will likely be a lot of fighting about what it addresses. Corporations are concerned that they will face greater regulation and be required to share sensitive information with the government, while security experts worry the government will not go far enough. And still, this is the farthest that any legislation has gone and so it is a step in the right direction.
COMMENTS