Revised cybersecurity bill introduced

Senate Homeland Security Committee leaders Sens. Joe Lieberman (I-CT) and Susan Collins (R-Maine) introduced a revised version of their cybersecurity bill. The latest version of the bill includes elements of a voluntary program outlined in a compromise framework drafted by a bipartisan group of senators led by Sens. Sheldon Whitehouse (D-RI) and Jon Kyl (R-AZ).

The revised bill proposes to establish a multi-agency council, called the National Cybersecurity Council, that would assess the risks and vulnerabilities found in computer systems of critical infrastructure. The council would be chaired by the Homeland Security Secretary and include members from the Pentagon, Department of Commerce, Justice Department, intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors. The critical infrastructure section of the bill no longer requires companies that operate critical infrastructure to meet a set of security standards and incorporates some of the ideas proposed in the Whitehouse-Kyl framework. Instead, critical infrastructure operators could elect to participate in a voluntary cybersecurity program where they can show through self-certification or a third party assessment that they meet a set of cybersecurity practices in exchange for incentives. Those voluntary cybersecurity practices would be developed by private industry groups but reviewed and approved by the council. However, infrastructure that is deemed critical--or would result in mass casualties, devastating economic or systemic damage if disabled--would be required to report if a significant cyber incident hit their computer systems.

Senate Majority Leader Harry Reid (D-NV) put the new version of the bill on the Senate calendar.