After months of revisions, Sens. Jay Rockefeller (D-WVa) and Olympia Snowe (R-ME) released their latest Cybersecurity Act 2010, which would address the nation’s flagging cyber-security efforts. The Senate Commerce is expected to mark up the legislation March 24.
The legislation is the culmination of nearly a year’s worth of consultation and input from cyber-security experts in the private sector, government and civil liberties community.
“The networks that American families and businesses rely on for basic day-to-day activities are being hacked and attacked every day. At this very moment, sophisticated cyber-enemies are trying to steal our identities, our money, our business innovations and our national security secrets,” Rockefeller said in a statement. “This 21st century threat calls for a robust 21st century response from our government, our private sector and our citizens. Private companies and the government must work together to protect our nation, our networks and our way of life from the growing cyber-threat.”
The legislation provides a framework for engagement and collaboration between the private sector and government on cyber-security while addressing earlier concerns about civil liberties, proprietary rights and confidential and classified information. The bill does not criminalize any conduct, contain any criminal law provisions or provide any resources for law enforcement agencies.
It does require a report ad promotes cyber-security public awareness, education and research and development.
“The Rockefeller-Snowe initiative seeks to bring new high-level governmental attention to developing a fully integrated, thoroughly coordinated public-private partnership,” said Snowe. “It is imperative that the public and private sectors marshal our collective forces in a collaborative and complementary manner to confront this urgent threat.”
Nearly 90 percent of the nation’s networks are owned and operated by the private sector, and Rockefeller and Snowe said requiring cyber-security must be a collaborative effort between the public and private sector.
The bill requires the president to collaborate with owners and operators of critical infrastructure IT systems, through the existing sector coordinating councils, to develop and rehearse detailed cyber-security emergency response and restoration plans. The explicit purpose of this section is to clarify roles, responsibilities and authorities of government and private sector actors in the event of a cyber-security emergency that threatens strategic national interests.
The president’s declaration of a cyber-security emergency would trigger the implementation of the collaborative emergency response and restoration plans.
There is nothing, however, in the bill authorizing new or expanded presidential authorities. To establish greater accountability for the president’s actions during a declared emergency, the bill also requires the president to report to Congress in writing within 48 hours of the declaration of a cyber-security emergency regarding the circumstances necessitating the declaration and the estimated scope and duration of the emergency.