Current version of Senate legislation eliminates provision that permitted the president to shut down the Internet in the event of a major cyber attack.
The Senate Wednesday re-introduced a cybersecurity bill it considered last year, minus a provision that would have allowed the president to shut down the Internet in the event of a major cyber attack.
The Cybersecurity Act, S. 773, co-sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine), is aimed at protecting critical U.S. network infrastructure against cybersecurity threats by fostering collaboration between the federal government and the private sectors that maintain that infrastructure.
The legislation was originally introduced last April in a two-bill package that together called for the creation of a national cybersecurity adviser, as well as aimed to revise cybersecurity processes and oversight in government, facilitate public-private partnerships on keeping computer systems safe, fund cybersecurity research, and encourage the hiring of more cybersecurity specialists.
Companion legislation that would create the national cybersecurity adviser position -- the National Cybersecurity Advisor Act, S.778 -- is still pending before the Senate Committee on Homeland Security and Government Affairs.
The new Cybersecurity Act more or less maintains the goals of the original bill, but also has some key differences.
One big one is that it no longer gives the president unilateral power to disconnect networks from the Internet in the event of a major cyber attack.
As written now, the bill requires the president to work with organizations that own critical network infrastructure to come up with cybersecurity emergency response plans rather than take action on his own.
The bill also includes new provisions. One creates a process for the president and those in the private sector that maintain and own critical infrastructure to come together to decide which IT systems are most crucial to national security and how they should be secured.
Another provision requires the president to provide security clearances to some private-sector officials at those organizations so they have access to classified cyber-threat information they wouldn't otherwise be privy to.
Cybersecurity is a major priority for the Obama Administration, which requested $866 million to protect networks and data in its recently announced fiscal 2011 budget.
Though that figure is slightly less than what was allocated in 2010, officials maintain cybersecurity remains top of mind for the administration, a sentiment reflected in the reintroduction of the Senate bill and other recent government actions.
The House last month passed its own cybersecurity bill, the Cybersecurity Enhancement Act of 2009 (HR 4061), first introduced by Rep. Daniel Lipinski (D-IL) last year.
That bill, though not as broad in scope as the Senate bill, funds research and development for a comprehensive cybersecurity plan that would involve the cooperation of several federal agencies.
The Department of Homeland Security also is taking steps to foster better communication between government intelligence officials and private-sector organizations looking after critical networks.
Through a pilot program the DHS recently launched, CIOs and CSOs from state and local governments as well as private-sector organizations will periodically be allowed to access classified intelligence information regarding cyber threats from state and local fusion centers.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.