Main Nav

Senate Introduces the Cybersecurity Act of 2012; Holds Hearing

Homeland Security and Governmental Affairs Committee Chairman Senator Joe Lieberman (ID-Conn.), Ranking Member Senator Susan Collins (R-Maine), Commerce Committee Chairman Senator Jay Rockefeller (D-W.Va.), and Select Intelligence Committee Chairwoman Senator Dianne Feinstein (D-Ca.) introduced the Senate version of comprehensive cybersecurity legislation (S. 2105, The Cybersecurity Act of 2012) and held a hearing to announce their intentions of taking the bill to the floor for a vote.  Senator Rockefeller in his testimony remarked that this bill is the result of two years of intense discussion and negotiation and stressed that no one can claim that the process has not been open.  The committee is not expected to conduct a markup before taking the bill as written to the Senate floor.

The bill, based upon a similar version introduced by Senator Rockefeller in a previous Congress, no longer contains the controversial provision that became known as the “Internet kill switch”.  The private sector remains concerned that it introduces too much government regulation by introducing more government control over the cybersecurity of “critical infrastructure”. 

The bill is considered “comprehensive” cybersecurity legislation because of the scope of its provisions:

  • Protection of critical infrastructure:  demands sector-by-sector risk assessments, establishes a procedure for designation of covered critical infrastructure, and other provisions;
  • Protection of government networks:  introduces reforms to the Federal Information Security Management Act (FISMA) and the management of government information technology;
  • Clarification and strengthening of existing roles and authorities:  establishes a National Center for Cybersecurity and Communications in the U.S. Department of Homeland Security;
  • Education and workforce development:  strengthens national education and awareness campaign and provides for education, recruitment, and training of cybersecurity workforce;
  • Research and development:  expands upon existing efforts to create a research and development program for the purpose of improving the security of information infrastructure;
  • Federal acquisition risk management strategy:  calls for a strategy designed to ensure, based on mission criticality and cost effectiveness, the security of the Federal information infrastructure;
  • Information Sharing:  establishes a process for peer sharing among the private sector and sharing with the government in a manner that minimizes liability and improves timeliness and effectiveness;
  • Public Awareness Reports:  mandates a series of reports to the public, including cyber incidents against Government networks, prosecution for cybercrime, research relating to secure domain, and other topics; and
  • International Cooperation:  seeks to coordinate international cyber issues with the United States Government and the consideration of cybercrime in foreign policy and foreign assistance programs

EDUCAUSE is continuing to study the 205 pages of legislation and measure the potential impact on higher education.



Tags from the Community