Cyber-security Bill Pushes for Private Sector Cooperation

A new version of a controversial cyber-security bill has been introduced in the Senate with an emphasis on partnerships between the government and private sector. A previous draft of the bill touched off controversy last year when critics said it allowed the president to shut down the Internet in the event of a national emergency.

A new version of a controversial cyber-security bill was introduced to the Senate March 17 with updated language to lessen opposition from the tech industry and civil libertarians.

The new draft avoids a major sticking point regarding the expansion of presidential powers in the event of a national cyber-emergency. When the bill was introduced last year, a provision that allowed the president to declare a national emergency and "order the limitation or shutdown of Internet traffic to and from any compromised Federal Government or United States critical infrastructure information system or network" triggered a backlash from those worried about the Oval Office having too much power.

In the new version of the bill, there is an emphasis put on the president collaborating with industry to develop plans for dealing with an emergency, and it states explicitly in Section 201 that the office of the president is not being given new powers or having its current authority expanded by the bill.

"The Rockefeller-Snowe initiative seeks to bring new high-level governmental attention to developing a fully integrated, thoroughly coordinated public-private partnership," said Sen. Olympia Snowe, R-Maine, a co-sponsor of the bill, in a statement. "It is imperative that the public and private sectors marshal our collective forces in a collaborative and complementary manner to confront this urgent threat."

Along those lines, the bill calls for the government to partner with industry to designate critical IT infrastructure. In addition, the president is required to collaborate with private sector critical infrastructure companies to identify the best training programs and industry practices. Companies will then be required to meet those standards. If they fail two consecutive audits, the companies would be required to work with the government and others in their respective industry to develop a remediation plan.

"At this very moment, sophisticated cyber enemies are trying to steal our identities, our money, our business innovations, and our national security secrets," said Sen. Jay Rockefeller, D-W.Va., another co-sponsor, in a statement. "This 21st century threat calls for a robust 21st century response from our government, our private sector and our citizens. Private companies and the government must work together to protect our nation, our networks and our way of life from the growing cyber threat."

A full summary of the bill's provisions can be found here (PDF). The legislation is slated to be marked up March 24.