
Elements of Whitehouse-Kyl Compromise in Cybersecurity Bill

Senator Sheldon Whitehouse, liberal warrior, is looking like the paragon of statesmanlike compromise of late.

His DISCLOSE Act, which aims to shed light on those bankrolling the sort of independent political groups playing an outsize role in the presidential race, didn't win any GOP votes in the Senate this week. But former Republican senators Warren Rudman and Chuck Hagel offered praise for "a bold display of compromise."   

Now, another bi-partisan push. And this one may have some legs.

When Senator Joe Lieberman's cybersecurity bill stumbled in the face of opposition from Senator John McCain and other Republicans, Whitehouse and Arizona Republican Jon Kyl were at the center of a push for a compromise.

Their initial framework died in the face of corporate opposition. But now, Lieberman is out with a new bill. And elements of the Whitehouse-Kyl effort have been included in the measure. From The Hill:

Senate Homeland Security Committee leaders Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) introduced a revised version of their cybersecurity bill on Thursday.

The latest version of the bill includes elements of a voluntary program outlined in a compromise framework drafted by a bipartisan group of senators led by Sens. Sheldon Whitehouse (D-RI) and Jon Kyl (R-Ariz.).

“While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation’s most critical infrastructure and with it our national and economic security,” said Lieberman. “We responded after the 9/11 attacks to improve our security. Now we must respond to this latest challenge before a cyber 9/11 occurs.”

Senate Majority Leader Harry Reid (D-Nev.) on Thursday put the new version of the bill on the Senate calendar.

The revised bill proposes to establish a multi-agency council, called the National Cybersecurity Council, that would assess the risks and vulnerabilities found in computer systems of critical infrastructure. The council would be chaired by the Homeland Security Secretary and include members from the Pentagon, Department of Commerce, Justice Department, intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors.

The critical infrastructure section of the bill no longer requires companies that operate critical infrastructure to meet a set of security standards and incorporates some of the ideas proposed in the Whitehouse-Kyl framework. Instead, critical infrastructure operators could elect to participate in a voluntary cybersecurity program where they can show through self-certification or a third party assessment that they meet a set of cybersecurity practices in exchange for incentives. Those voluntary cybersecurity practices would be developed by private industry groups but reviewed and approved by the council. 

However, infrastructure that is deemed critical--or would result in mass casualties, devastating economic or systemic damage if disabled--would be required to report if a significant cyber incident hit their computer systems. That type of incident would include the "exfiltration of data" or "the defeat of an operational control or technical control" that is key to operating and securing the infrastructure.

There is substantial doubt among cybersecurity experts about whether a voluntary program is sufficient to protect the nation's critical infrastructure. But most agree that an incremental step, here, is politically doable and will mark some progress.

As I argued yesterday, incrementalism may not be as effective when it comes to the DISCLOSE Act and campaign finance reform. 

 
