PC Magazine: Senators Propose New Cybersecurity Bill, Update to FISMA
By Damon Poeter
Leading Republican senators on Thursday introduced new legislation aimed at strengthening U.S. cybersecurity through a series of actions that include beefing up criminal statutes for cybercrimes and improving collaboration and information sharing between government and the private sector.
Co-sponsors of the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act, or SECURE IT, are Senators John McCain (R-Ariz.), Kay Bailey Hutchison (R-Tex.), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Ark.), Dan Coats (R-Ind.), Ron Johnson (R-Wisc.), and Richard Burr (R-N.C.).
"The SECURE IT Act strengthens America's cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks," Sen. McCain said in a statement. "This legislation will help us begin to meet the very real threat of cyber attack."
The proposed law would update the current federal IT security law, the Federal Information Security Management Act (FISMA), while maintaining the roles of the National Institute of Standards and Technology (NIST) and the Department of Commerce in overseeing security standards for the federal government.
SECURE IT would also require federal telecom and IT security contractors to report information to the government about cyberthreats related to the services they provide.
While the new legislation contains regulatory prescriptions and language about "strengthening" existing cybersecurity research and development programs, Sen. Chambliss contended that it was not a recipe for expanding federal spending and oversight.
"Now is not the time for Congress to be adding more government, more regulation, and more debt—especially when it is far from clear that any of it will enhance our security," Chambliss said. "Our bill offers the right solution to improving our nation's cybersecurity by encouraging collaboration, investment, and innovation."
But the National Retail Federation (NRF) came out strongly against the proposed legislation and a separate cybersecurity bill introduced in the Senate last month called the Cybersecurity Act of 2012.
NRF senior vice president for government relations David French said in a statement that the measures contained in the two bills "could force retailers to unnecessarily spend millions of dollars on data monitoring services for customers if their databases were hacked."
"Cybersecurity legislation includes the laudable goal of increasing information sharing between the government and private sector, but the goals underlying the cybersecurity legislation and provisions in data breach notification legislation are fundamentally contradictory," he said. "Juxtaposing these contrasting proposals would place businesses in a precarious position when their systems are attacked by cyber criminals."
French said "many" retailers feared that "any measure dealing with Internet security could become a vehicle to which lawmakers would try to attach long-pending proposals regarding online security and privacy."