CybersecuritySenate panel to vote this week on cybersecurity bill

Published 29 July 2013

The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess. Last year the Senate twice tried, and failed, to pass a cybersecurity bill because of GOP opposition to it. GOP lawmakers objected to a bill imposing mandatory cybersecurity standards on industry, and instead called for a bill which would make the adoption of cybersecurity standards voluntary. The bill now being considered in the Commerce Committee calls for industry and NIST to develop a cybersecurity framework for industry (something NIST is already doing following a presidential executive order), and for industry voluntarily to adopt it.

The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill  before Congress takes an August recess.

The Hillreports that the vote will be the first major move on a cybersecurity legislation aiming to protect U.S. critical infrastructure from cyberattacks.

If the bill becomes law, it will turn into law some parts of President Obama’s cybersecurity executive order, which instructs the National Institute of Standards and Technology (NIST) to team up with infrastructure companies to develop a set of cybersecurity standards – the draft standards will be ready by October – and encourages industry to adopt these standards.

Jay Rockefeller (D-West Virginia), who heads the Senate committee, told theHill that he wants a cybersecurity bill passed after spending the last four years working hard on the issue and before he retires next year.

“I just want to get something on cybersecurity going, some momentum,” Rockefeller said following a hearing on Thursday that examined NIST’s work with industry to craft a cyber framework. “There are three committees that can do something on it, and we’re one of them.”

Rockefeller is also on the Senate Intelligence Committee, which plans on developing an information sharing bill which would make it simpler for the industry and the government to warn each other about cyber threats.

“Acting alone, this committee cannot make all of the changes needed to give our government and businesses the tools they need to make real progress on cybersecurity,” Rockefeller said during his opening statements at the hearing.

Last year the Senate twice tried, and failed, to pass a cybersecurity bill because of GOP opposition to the bill. GOP lawmakers objected to the bill imposing mandatory cybersecurity standards on industry, and instead called for a bill which would make the adoption of cybersecurity standards voluntary.

This year’s bill is supported by industry. The bill states that the NIST cybersecurity framework is voluntary. NIST director Patrick Gallagher testified on Friday that the standards will take from the best practices of computer security standards across various industries.

“Since the goal here is to put this into use, having a standard on the shelf is not going to help anyone,” Gallagher told the Senate panel. “The more we can rely on good business practices, the better off this will work.”

Industry representatives at the hearing have said they support the bill because it takes the right approach by making the standards voluntary and industry-led.

“We appreciate your balanced, non-regulatory approach,” Dorothy Coleman, vice president of tax and domestic economic policy at the National Association of Manufacturers, told the panel.