The Cybersecurity Act of 2012 will finally come up for debate on the Senate floor on July 30, and a number of senators say they'll introduce amendments to tweak the bill to their liking.
On July 26, a large majority of senators from both parties voted 84 to 11 to bring the bill up for consideration. The vote came after the bill's sponsors excised provisions from an earlier version that would have granted the U.S. federal government authority to regulate the mostly privately run national critical IT infrastructure [see Senators Purge Regulations from Cybersecurity Bill], and after Senate Majority Leader Harry Reid promised that lawmakers could offer germane amendments.
Sen. Kay Bailey Hutchison, R-Texas, is expected to introduce an amendment that would replace the language of the Cybersecurity Act with that of the SECURE IT Act, a Republican alternative to the cybersecurity bill that does not establish IT security standards for business. President Obama, in announcing his support for the Cybersecurity Act, said he would veto the measure if Congress fails to enact IT security standards [see Obama Calls for Passage of Cybersecurity Act].
The SECURE IT Act also does not grant the Department of Homeland Security additional sway in overseeing cybersecurity. The Cybersecurity Act, as written, charges DHS with working with industry to establish IT security standards that could be voluntarily adopted by the private sector. It also designates DHS as an arbiter, of sorts, over federal government civilian agency IT security.
Other amendments reportedly being considered would strengthen liability protections for businesses that share cyberthreat information with the government and other businesses, toughen data privacy protections, establish a national data breach law, enhance penalties for computer fraud and bolster security on the electrical power grid.
Less controversial are provisions in the bill to update the Federal Information Security Management Act, or FISMA, that would codify practices within the federal government to fortify departmental and agency IT security by, among other things, requiring agencies to continuously monitor and conduct penetration tests of IT systems [see Beyond the Hype of the Cybersecurity Act].
The bill, if passed, would need to be reconciled with the House-approved Cyber Intelligence Sharing and Protection Act, or CISPA [see Comparing Cybersecurity Legislation], before the final measure could be sent to Obama for his signature.