Competing cybersecurity bills offer best of both worlds
Tuesday - 3/6/2012, 11:40am EST
Last week, Sen. John McCain (R-Ariz.) and seven other Republican senators introduced the SECURE IT Act. The bill came two weeks after Sens. Joseph Lieberman (I-Conn.), Jay Rockefeller (D-W.Va.), Dianne Feinstein (D-Calif.) and Susan Collins (R-Maine) introduced the Cybersecurity Act of 2012.
Former Ambassador David Smith, now with the Potomac Institute Cyber Center, told The Federal Drive with Tom Temin there are things to like in both Senate bills.
"We have a serious national security issue and two teams of people have taken a crack at it," Smith said. "I think each one of them has got some strong points. Rather than have a duel, we need to have the best of both and let's do what's right for the security of the country."
Smith said part of the problem is that many of the assets government would be trying to protect with a cyber bill are now privately owned. Both bills currently on the table address this issue in different ways.
"Sen. McCain's bill tries to do this in what is a voluntary partnership between these privately owned, critical infrastructure industries and the government," Smith said.
The bill's protections for privacy and the way the government obtains information are strong, Smith said. It also sets up research and development programs and defines what critical infrastructure is in a more focused way.
"There are criminal penalties that are established, not only for violating the act itself, but for certain things like damaging a critical infrastructure computer," he said. "That would become criminalized."
Smith believes McCain's bill falls down, though, in making all of its proposed security measures voluntary.
"The problem with a private business is you're always worried that the other guy is going to undercut you by not doing what you might volunteer to do," Smith said. "So, you have a disincentive to spend that money that you have to spend on something like cybersecurity."
The Lieberman bill offers many of the same protections as the McCain bill, but makes all of its cybersecurity measures mandatory.
"It gets right at that privately-owned, critical infrastructure. It is mandatory. The secretary, in combination with business, has to define what critical infrastructure is, then develop the standards, and then the industry can meet the standards any way it wants...I think we need to put the two together," Smith said.
When asked if he thinks a cyber bill will become a reality, Smith said yes.
"There are some things in both of these bills we need to look at. Maybe there is a middle ground. Maybe there are some voluntary, but nonetheless, pretty strict guidelines that could be used with industry...I think we all ought to put our hands in this together and work it out, and I think there's a pretty good chance that is going to happen."