A group of Republican Senators introduced on Wednesday a revised version of a previously proposed bill that seeks to improve cybersecurity through improved information sharing between private industry and government.
The new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT) is being proposed as a less regulatory alternative to another Senate bill called the Cybersecurity Act that was introduced earlier this year by Senate Democrats.
The main difference between the two bills is that the Republican version does not give any new regulatory authority to the federal government to set cybersecurity standards like the Democratic version does. The new version of SECURE IT also restricts the purposes for which government can retain and use cyber-threat information.
SECURE IT, backed by Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC), will allow companies to legally share real-time cyber-threat information from their networks with other industry stakeholders, law enforcement and government.
Security experts believe that such information sharing is vital to combating cyber attacks. The bill will also encourage investment in tools and skills for preventing and remediating cyber attacks.
In addition, SECURE IT seeks to strengthen criminal statutes against cyber crime and will require federal contractors to notify their government customers of any security incidents related to their service.
Many of the objectives are similar to those proposed in the Cybersecurity Act. What's different is that SECURE IT does not give the government any new regulatory authority.
The Democratic bill gives the United States Department of Homeland Security the right to evaluate the security practices of critical infrastructure operators. It would require operators that are found deficient in their security practices to work with the DHS to remedy the situation.
With SECURE IT, the focus is more on deterrence than on regulation, the senators who sponsored the bill said on Wednesday in a statement.
"I have no faith that federal regulators should take the lead on cybersecurity," Sen. Johnson said in the statement. "The regulatory process simply cannot keep up with the rapid pace of technology. Rather than try to impose a comprehensive approach, we need to take this one step at a time -- building confidence between government and the private sector, and ensuring protections for civil liberties."
The revised version of SECURE IT tightens up the definition of cyber-threat information. It also spells out the responsibilities of government organizations and industry stakeholders when sharing cyber-threat information.
It includes language aimed at ensuring that federal agencies adopt and update security tools for combating cyber-threats. "The surest and quickest way to improve cybersecurity in this country is to leverage the capabilities and flexibility of the private sector instead of creating costly layers of government bureaucracy," Sen. Coats said in the statement.
House lawmakers passed their version of a similar information-sharing bill (H.R. 3523) in April. The bill, called the Cyber Intelligence Sharing and Protection Act (CISPA), attracted considerable criticism from privacy advocates and others, who fear it will eviscerate privacy rights.
President Obama has threatened to veto any cybersecurity bill that lands on his desk containing the same provisions as CISPA does.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.