Cybersecurity Bill Gets Big Capitol Hill Rollout
A long-awaited cybersecurity bill introduced Thursday in the Senate Homeland Security Committee would give the president authority to declare a “national cyber emergency” and take emergency measures to fight it without further congressional approval. It would establish a national cybersecurity center and a formal cybersecurity czar appointed by the president and confirmed by the Senate. The bill was introduced by committee Chairman Joe Lieberman, I-Conn., ranking member Sen. Susan Collins, R-Maine, and Sen. Thomas Carper, D-Del.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The bill would “provide a responsible framework” developed with private industry for the president to authorize “emergency measures” to protect critical cyber infrastructure in the event of an attack on networks, it said. The authority would expire after 30 days but could be extended by presidential order. The president would have to notify Congress in advance of the threat and emergency measures, but would not need congressional approval. The bill’s supporting documents explicitly say no new surveillance authorities are authorized and that the federal government cannot “take over” private networks. But they do not state what rises to the level of a cybersecurity emergency other than if the nation’s most critical infrastructure is being or is about to be exploited.
The bill would establish a White House Office for Cyberspace Policy and a director appointed by the president and confirmed by the Senate. The director would advise the president on cybersecurity matters, lead federal efforts and develop a national strategy to protect cyberspace. To maintain transparency and congressional oversight, the director would have to report to Congress on a regular basis about the office’s activities. The bill also would create a National Center for Cybersecurity and Communications organization at the Department of Homeland Security, that would lead federal efforts to protect public and private sector cyber and communications networks. It also would establish security requirements for the most critical portions of the nation’s communications infrastructure, including vital components of the electric grid and telecom networks. Private networks could choose how they would comply with the requirements. Private networks that complied with the requirements would receive liability protections. The center would have its own Senate-confirmed director who would advise the president on cybersecurity in federal networks.
Other cybersecurity initiatives proposed in the bill include changing the Federal Information Security Management Act to give it a faster response to cyberthreats against the federal government, reshape procurement so contracting officers would consider the security risks in IT procurements and require training for the federal acquisition workforce to improve network security.
"I commend Senators Lieberman and Collins for proposing solutions to this critical national security challenge,” said Sen. Jay Rockefeller, D-W.Va., on Thursday. Rockefeller helped introduce the Rockefeller-Snowe Cybersecurity Act earlier this year, which was approved by the Senate Commerce Committee in March (CD March 25 p11). It awaits a Senate vote. The bill’s other sponsor also gave it glowing reviews. “The broad overlap between this measure and the Rockefeller-Snowe initiative further underscores the bipartisan consensus within the Congress to confront the urgent threat,” said Sen. Olympia Snowe, R-Maine.
Reaction was more cautious off Capitol Hill. The bill includes some privacy protections for Internet communications that federal agencies may want in connection with cybersecurity, but it doesn’t clarify whether the president’s broad emergency powers give him authority to shut down or limit Internet traffic, said Center for Democracy and Technology President Leslie Harris. The bill said the president isn’t supposed to have an Internet “kill switch,” and CDT will work to ensure the final version reflects that intention. Harris also said the legislation should clarify what critical infrastructure is subject to its “exacting” requirements. The Lieberman bill is well-intentioned but could have “unintended consequences,” said Phillip Bond, president of TechAmerica. While the bill tries to restrict itself to critical infrastructure, the interconnected nature of networks makes that almost impossible, said Bond. “If the bill passes in its current form, it will turn DHS into a significant regulatory agency. Regulations like these could seriously undermine the very innovation we need to stay ahead of the bad actors and prosper as a nation.” TechAmerica does support elevating the federal government’s cyberdefense efforts to a center at DHS and a White House cyberczar.
Meanwhile, the IWeb has grown into a global community of 1.8 billion users since the Internet age began 41 years ago with the transmission of a single word -- “login” -- between computers at Stanford and UCLA , wrote Lieberman, Collins and Carper in an op-ed piece in Politico Thursday. “It is a necessity for millions of consumers, businesses and governments worldwide. But it is also a dark alley, where criminals can lurk, and a battleground that our enemies will try to seize and use against us.”