ISPLA News - S. 2105, the Cybersecurity Act of 2012
- In a Homeland Security Committee Press Release of February 14 the following
To guard against the nation's increasing vulnerability to cyber attack, a
group of Senate Committee leaders introduced bipartisan legislation Tuesday
to secure the cyber systems of the essential services that keep our nation
running. The Senators were Homeland Security and Governmental Affairs
Committee Chairman Joe Lieberman, ID-CT, Ranking Member Susan Collins, R-ME,
Commerce Committee Chairman Jay Rockefeller, D-WV, and Select Intelligence
Committee Chairman Dianne Feinstein, D-CA.
The Cybersecurity Act of 2012, S. 2105, the product of three years'
worth of hearings, consultations, and negotiations, envisions a
public-private partnership to secure those systems which, if commandeered or
destroyed by a cyber attack, could cause mass deaths, evacuations,
disruptions to life-sustaining services, or catastrophic damage to the
economy or national security.
"This bill would begin to arm us for battle in a war against the cyber
mayhem that is being waged against us by our nation's enemies, organized
criminal gangs, and terrorists who would use the Internet against us as
surely as they turned airliners into guided missiles," Lieberman said. "The
nation responded after 9/11 to improve its security. Now we must respond to
this challenge so that a cyber 9/11 attack on America never happens."
Rockefeller said: "I can't think of a more urgent issue facing this
country. Hackers are stealing information from Fortune 500 companies,
breaking into the networks of our government and security agencies and
toying with the networks that power our economy. The new frontier in the war
against terrorists is being fought online and this bill will level the
playing field. We can and will stop cyber criminals from getting the upper
hand. This comprehensive legislation is an important step towards securing
the Internet from cyber theft."
Collins said: "Our nation's vulnerability has already been demonstrated by
the daily attempts by nation-states, cyber criminals, and hackers to
penetrate our systems. The threat is not just to our national security, but
also to our economic well-being. A Norton study last year calculated the
cost of global cybercrime at $114 billion annually. When combined with the
value of time victims lost due to cybercrime, this figure grows to $388
billion globally, which Norton described as 'significantly more' than the
global black market in marijuana, cocaine and heroin combined. Our bill is
needed to achieve the goal of improving the security of critical cyber
systems and protecting our national and economic security."
Feinstein said: "Alongside terrorism, cybersecurity is perhaps the number
one threat facing our nation today, but many obstacles exist that prevent
the cooperation and coordination needed to deter this growing threat. It's
past time that the government and the private sector join together to
address the widespread and devastating effects that cyber intrusions are
having on our country."
The legislation reflects recommendations from companies and trade
associations representing the information technology, financial services,
telecommunications, chemical, and energy sectors, among others. National
security, privacy and civil liberties experts also provided essential
counsel. Majority Leader Harry Reid's support was instrumental.
The Senators stressed that the Cybersecurity Act of 2012 in no way resembles
the Stop Online Piracy Act or the Protect Intellectual Property Act, which
involved the piracy of copyrighted information on the internet. The
Cybersecurity Act involves the security of systems that control the
essential services that keep our nation running - for instance, power,
water, and transportation.
To move the legislative process forward, the Senators have not included
emergency authorities for the president, as previous bills did. The
legislation also does not contain a special White House cybersecurity
Both the Homeland Security and Governmental Affairs and the Commerce
Committees have held several hearings over the years on cybersecurity. In
the 111th Congress, both Committees marked up and reported out cybersecurity
legislation. In the 112th Congress, the two Committees merged their bills,
refined and perfected them to produce new legislation.
The Cybersecurity Act of 2012 would require:
The Department of Homeland Security to assess the risks and vulnerabilities
of critical infrastructure systems - whose disruption from a cyber attack
would cause mass death, evacuation, or major damage to the economy, national
security, or daily life - to determine which should be required to meet a
set of risk-based security standards.
Owners/operators who think their systems were wrongly designated would have
the right to appeal.
DHS to work with the owners/operators of designated critical infrastructure
to develop risk-based performance requirements, looking first to current
standards or industry practices. If a sector is sufficiently secured, no new
performance requirements would be developed or required to be met.
The owners of a covered system to determine how best to meet the performance
requirements and then verify that it was meeting them. A third-party
assessor could also be used to verify compliance, or an owner could choose
to self-certify compliance.
Current industry regulators to continue to oversee their industry sectors.
Information-sharing between and among the private sector and the federal
government to share threats, incidents, best practices, and fixes, while
maintaining civil liberties and privacy.
DHS to consolidate its cybersecurity programs into a unified office called
the National Center for Cybersecurity and Communications.
The government to improve the security of federal civilian cyber networks
through reform of the Federal Information Security Management Act.
......And in Federal News Radio:
"Consider the warning signs, hackers now seem to be able to routinely crack
the codes of our government agencies, including the most sensitive ones,"
said Sen. Jay Rockefeller (D-W.Va.) in a floor statement introducing the
bill Tuesday. "Our Fortune 500 companies, they do routinely, and then
everything in between. Adm. Mike Mullen, former Joint Chiefs chairman, said
the cybersecurity threat is the only other threat that is on the same level
as Russia's stockpile of nuclear weapons. Loose nukes, if you will. FBI
Director Robert Mueller testified to Congress very recently that the cyber
threat will soon overcome terrorism as the top national security focus of
ISPLA Director of Government Affairs
Your Proactive Voice from State Capitols to the Nation's Capitol