Senate Panel Passes Cybersecurity Bill

Creating Voluntary IT Security Best Practices for Industry

By , July 31, 2013.
Senate Panel Passes Cybersecurity Bill

Bipartisanship, a rare commodity in Congress, surfaced in the Senate Commerce Committee, which approved by a voice vote cybersecurity legislation that codifies President Obama's cybersecurity framework.

See Also: CEO Bob Carr on EMV & Payments Security

That framework would create IT security best practices that the owners of the mostly privately held critical infrastructure could voluntarily adopt. The framework is being written by a government-industry team led by the National Institute of Standards and Technology, which the Senate panel oversees [see NIST Unveils Draft of Cybersecurity Framework].

Technically, the bill sponsored by committee Chairman Jay Rockefeller, D-W.Va., and ranking member John Thune, R-S.D., goes to the Senate for consideration. But if precedent is followed, their bill could be merged with other cybersecurity measures that should emanate from other committees, such as a still-to-be-drafted measure from the Senate Homeland Security and Governmental Affairs Committee to reform the Federal Information Security Management Act, the law that governs federal government IT security, as well as legislation to foster cyberthreat information sharing between the government and industry.

Building Momentum

"Sen. Thune and I reached strong bipartisan consensus with the Cybersecurity Act that was passed out of committee today," Rockefeller, D-W.Va., said in a statement issued after the bill's passage on July 30. "I'm confident that others will follow our lead and develop their own bipartisan bills with key elements, including information sharing, that will complement our work to help strengthen and improve our economic and national security. Now that the Commerce Committee has passed its bill, we've got to build on today's momentum and get it to the floor."

Besides the framework, the bill addresses cybertraining, education and awareness.

Congress hasn't enacted significant cybersecurity legislation in a decade. Last year, a comprehensive cybersecurity bill couldn't muster enough votes to overcome a Senate filibuster [see Senate, Again, Fails to Halt Filibuster]. Congress' failure to enact cybersecurity legislation led President Obama to issue in February an executive order calling for the creation of the framework and the promotion of cyberthreat information sharing [see Obama Issues Cybersecurity Executive Order].

Senate Playing Catch-Up

The House has been more active than the Senate on the cybersecurity legislative front. In April, the House passed legislation to reform FISMA as well as advance cybersecurity research and development [see FISMA Reform Passes House on 416-0 Vote].

Also in April, a House panel passed the Cyber Intelligence Sharing and Protection Act, which aims to create a mechanism for the government and industry to share cyberthreat information [see CISPA Clears House Intelligence Panel]. Obama has threatened to veto that bill unless it's modified to strengthen and safeguard privacy and civil liberties, preserve long-standing roles of civilian and intelligence agencies and provide for appropriate sharing with targeted liability protections [see White House Threatens CISPA Veto, Again].

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Hackers Wield Extortion

More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of...

Latest Tweets and Mentions

ARTICLE Hackers Wield Extortion

More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of...

The ISMG Network