WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Maine, Thursday heard from advocates and detractors of comprehensive, bipartisan cybersecurity legislation, as word came that a group of Republicans will introduce their own legislation in the coming days.
Discussion about the Cybersecurity Act of 2012, S. 2105, occurred at a Committee hearing on the bill, sponsored by Lieberman, Collins, Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca. Rockefeller and Feinstein testified on the need for the legislation and their years of work to better secure critical cyber networks.
“I am heartened that Republicans will offer their own cybersecurity proposal so that we can engage in rigorous debate and pass badly needed legislation this year,” Lieberman said, “because to me it feels like it is Sept. 10, 2001. The system is blinking red – again. Yet, we are failing to connect the dots – again. We have come so far and in such a bipartisan way that we cannot allow this moment to slip away from us. We need to act now to defend America’s cyberspace as a matter of national and economic security.”
Collins said: “The warnings of our vulnerability to a major cyber attack come from all directions and countless experts, and are underscored by the intrusions that have already occurred. Each day we fail to act, the threat increases to our national and economic security.”
Homeland Security Secretary Janet Napolitano advocated for the bill. Former Homeland Security Secretary Tom Ridge spoke against it, on behalf of the Chamber of Commerce, but did thank the bill sponsors for making accommodations to address Chamber concerns.
The Cybersecurity Act of 2012 would require the Department of Homeland Security to conduct risk assessments of the nation’s core critical infrastructure before determining which should be covered by the bill. DHS would then work hand in glove with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, based on current standards or industry practices.
The owners of a designated system would have the right to appeal, would determine how best to meet the performance requirements, and then verify that it was in compliance. If a designated system’s cybersecurity was sufficient, it would not be required to implement new security standards.
The legislation is the result of at least three years of intensive work and scores of hearings – 10 in just HSGAC since 2005. Both HSGAC and the Commerce Committee passed similar legislation in the last Congress.
Last August, Majority Leader Reid, after consulting with Minority Leader McConnell, established bipartisan working groups to hammer out the final details. Despite the invitation, Republicans refused to engage in negotiations. But Senator John McCain, R-Ariz., told the Committee Republican legislation was forthcoming.
In addition to Rockefeller, Feinstein, Napolitano, and Ridge, witnesses included: former DHS Assistant Secretary for Management Stewart Baker; James A. Lewis, Director and Senior Fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies; and Scott Charney, Corporate Vice President, Trustworthy Computing Group for Microsoft Corporation.