Sens. Rockefeller and Snowe debut new draft of federal cybersecurity legislation

Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) unveiled
the latest draft of their cybersecurity bill on Wednesday, a 62-page
set of instructions specifying how the federal government would respond
to a massive network security breach.

Among other provisions, the
bill would establish a Senate-confirmed office to handle cybersecurity
matters, replacing the ad hoc adviser President Barack Obama appointed
in 2009.

{mosads}It would also enumerate the president’s
powers during national cybersecurity emergencies, establish new bridges
for public-private security cooperation and set in place routine checks
on the country’s cybersecurity infrastructure, according
to the legislation.

The bill arrives on the
heels of two high-profile cyberattacks this year that in part targeted
numerous U.S. businesses, including Google. 

It attempts to
address many of the criticisms levied at the first draft of the
legislation issued in 2009 by Rockefeller and Snowe, the chairman
and ranking member of the Senate Commerce Committee, respectively.

However,
it remains unclear whether the revisions go far enough, as a number of
the original bill’s most contentious elements remain in the
new proposal — though in a slightly different form.

Chief among
them is the bill’s section on White House emergency powers at times of cyberattacks.

The legislation introduced in the Senate on Wednesday would
require federal agencies to work with private entities to draft
“collaborative emergency response and restoration plans.”  Those
documents — which would “clarify specific roles,
responsibilities, and authorities of government and private sector
actors” during a nationwide cybersecurity incident — would become effective
if the president ever declared a “national cybersecurity emergency,”
according to the bill.

Earlier versions of the language
piqued privacy groups, which felt the
bill would have granted the president too much power to regulate the
Internet, even during an attack on the scale of a cyberwar.

Consequently, Rockefeller and Snowe adjusted their language slightly in an attempt to assuage concerns, adding a new requirement that the president report to Congress within 48 hours why the White House declared an emergency and how long it would last.

Rockefeller’s office later stressed those rules already exist in federal law. But it remains unclear whether the latest changes can satisfy unhappy lawmakers and interest groups.

Nevertheless, other components of the bill are bound to be far less contentious. The legislation calls for a biennial cybersecurity review, modeled after the quadrennial study the Defense Department must undertake, and it authorizes new programs to increase the public’s computer security literacy. Both mimic efforts other lawmakers have pitched in recent months.

“The networks that American families and businesses rely on for basic
day-to-day activities are being hacked and attacked every day,”
Rockefeller said Wednesday in a statement. “This 21st century threat
calls for a robust 21st century response from our government, our
private sector and our citizens.”

With Rockefeller, Snowe later stressed their bipartisan proposal is essential for safeguarding the country’s Web infrastructure, and the private utilities and businesses that depend on it.

“The Rockefeller-Snowe initiative seeks to bring new high-level
governmental attention to developing a fully integrated, thoroughly
coordinated public-private partnership,” Snowe said. “It is
imperative that the public and private sectors marshal our collective
forces in a collaborative and complementary manner to confront this
urgent threat.”