Senate Commerce Circulates ‘Bipartisan Consensus’ Cybersecurity Bill
Senate Commerce Committee leaders circulated draft cybersecurity legislation that’s meant to be a “bipartisan consensus,” a committee official told us Thursday. The bill, backed by Committee Chairman Jay Rockefeller, D-W.Va., and Ranking Member John Thune, R-S.D., is expected to be marked up by the end of the month, said the official. The draft is the Senate’s first attempt at enacting cybersecurity legislation in the 113th Congress. The House passed a revised version of the Cyber Intelligence Sharing and Protection Act (HR-624) in April, but industry officials have said they don’t believe it will pass the Senate, and the White House has threatened a veto.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The Senate Commerce draft said it would formalize cybersecurity as one of the National Institute of Standards and Technology’s priority focus areas, giving it responsibility to develop a voluntary set of cybersecurity standards and best practices for critical infrastructure sectors on an ongoing basis. The bill would require the NIST-developed standards to be voluntary and developed in conjunction with industry. The standards would also need to not conflict with existing federal regulatory requirements, be technology neutral and align with voluntary international standards. NIST has been working with critical infrastructure actors since February to develop a voluntary Cybersecurity Framework as part of President Barack Obama’s cybersecurity executive order. NIST plans to release a preliminary version of the framework in October (CD Feb 14 p1).
Senate Republicans balked at the Senate’s final attempt to pass cybersecurity legislation last year, the Cybersecurity Act of 2012 (S-3414), because they viewed a provision meant to encourage adoption of cybersecurity guidelines as instituting a “regulatory regime” on critical infrastructure owners and operators (CD Dec 27 p6). The new draft bill would give NIST the authority to continue developing cybersecurity standards with industry once Obama’s executive order expires, the committee official said.
The draft bill said it would strengthen cybersecurity research, calling for the White House Office of Science and Technology Policy to develop a national cybersecurity research and development plan. The bill calls for coordination of cybersecurity R&D activities at NIST, the National Science Foundation, other federal agencies, academic institutions and the private sector as a way of addressing knowledge gaps that may be preventing creation of secure technology. The bill would also direct agencies participating in the Networking and Information Technology Research and Development program to support research on cybersecurity science.
The legislation calls for strengthening cybersecurity education and certification programs, directing the National Academies to study the current status of those programs. The bill would enable support of America COMPETES Act-authorized competitions as a way of stimulating innovative cybersecurity research, and would give congressional authorization to an NSF cyber scholarship-for-service program. The legislation would also direct NIST to continue coordinating with other federal agencies to start cybersecurity public awareness campaigns and efforts to support formal cybersecurity education. The bill would require NIST to develop a strategic plan to evaluate and forecast the federal government’s workforce needs related to cybersecurity.
Rockefeller “strongly supports” other Senate committees’ efforts to draft legislation on other cybersecurity-related issues, including information sharing and reforming the Federal Information Security Management Act, the committee official said. Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., said she is drafting information-sharing legislation.