Cybersecurity Act of 2012

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of  critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Executive Order follows legislative efforts in the last Congress to pass comprehensive cybersecurity bills.  After the Cybersecurity Act of 2012 (S. 3414) failed to pass in August 2012, Deputy National Security Adviser John Brennan mentioned in an appearance at the Council on Foreign Relations that the President was considering issuing an Executive Order to implement portions of the cybersecurity legislation.  In the subsequent months, the White House sought industry input on the Order.

The Order has two main components: increasing information sharing from the government to the private sector and establishing a Cybersecurity Framework to buttress the security of critical infrastructure. Continue Reading President Obama Issues Cybersecurity Executive Order

In the wake of the Senate’s failure to pass comprehensive cybersecurity legislation in August and amid continued discussion about the possibility of a cybersecurity executive order, Senator Jay Rockefeller has sought information directly from Fortune 500 companies. 

Senator Rockefeller has urged President Obama to issue a cybersecurity executive order

Continue Reading Senator Rockefeller Requests Cybersecurity Information from Fortune 500 Companies

Before recessing in August, the Senate considered, but failed to pass, comprehensive cybersecurity legislation, the Cybersecurity Act of 2012 (S. 3414) (“CSA2012”). Shortly thereafter, during a Council on Foreign Relations event on August 8, Deputy National Security Adviser John Brennan stated that the President is considering using an executive order

Continue Reading White House Considers Cybersecurity Executive Order

Yesterday, the Senate voted to move forward with a floor debate of the Cybersecurity Act of 2012 (“CSA2012”) (S. 3414), and the White House formally endorsed CSA2012, saying it will strengthen efforts to secure American networks against cyberattacks.  As a result of yesterday’s procedural vote, the Senate is likely

Continue Reading Senate Scheduled To Consider Cybersecurity Legislation

On July 19, 2012, Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV), Dianne Feinstein (D-CA), and Tom Carper (D-DE) introduced a revised version of the Cybersecurity Act of 2012 (“CSA2012”), which they initially introduced in February. The revision includes elements drawn from efforts by Senators Sheldon Whitehouse (D-RI) and Jon Kyl (R-AZ) to reconcile the CSA2012 with the Republican-sponsored SECURE IT Act (S. 3342).

The new CSA2012 (S. 3414) takes a different approach than the original version to cybersecurity of critical infrastructure. The original bill would have given the Department of Homeland Security (“DHS”) authority to designate “systems or assets” as covered critical infrastructure and to require owners and operators of designated critical infrastructure to meet cybersecurity performance requirements, established by DHS. The new CSA2012, on the other hand, would rely on voluntary private sector compliance with cybersecurity standards. As Senator Lieberman explained, the revised bill relies on “carrots instead of sticks.”Continue Reading Senators Introduce Revised Cybersecurity Act of 2012

Yesterday Senator John McCain (R-AZ) introduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT Act). The bill’s cosponsors include Senators Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC).
Continue Reading Republican Senators Introduce SECURE IT Act

By David Fagan

Yesterday, the Senate Committee on Homeland Security and Governmental Affairs held a hearing on the “Cybersecurity Act of 2012.” Senator Joseph Lieberman (I-CT) introduced the bill, S. 2105, on Tuesday with co-sponsors Senators Susan Collins (R-ME), Dianne Feinstein (D-CA), and John D. Rockefeller, IV (D-WV). S. 2105 builds on prior cybersecurity bills introduced in this and prior Congresses and resulted from a lengthy consultation process — shepherded by Senate Majority Leader Reid and Minority Leader McConnell — with private sector stakeholders, the Executive Branch, and other interested parties. Upon introducing the bill earlier this week, Majority Leader Reid and Committee Chairman Lieberman said that they intended not to hold any committee mark-up and instead would bring the bill directly to the floor for a full vote in March.

As currently drafted, S. 2105 would centralize responsibility for cybersecurity of civilian infrastructure in the Department of Homeland Security (DHS) and require the Secretary of Homeland Security, in consultation with owners and operators of covered critical infrastructure, to conduct risk-based assessments of cybersecurity threats to covered critical infrastructure. The Secretary would have the authority to designate “systems or assets” as covered critical infrastructure if a cyber attack on the system or asset could “reasonably result” in “the interruption of life-sustaining services . . . sufficient to cause” a “mass casualty event” or mass evacuations, or “catastrophic economic damage to the United States.” The bill also would require the Secretary, based on the risk assessments and working with owners and operators of covered critical infrastructure, to establish cybersecurity performance requirements. Owners and operators would have flexibility to determine how best to meet the performance requirements.Continue Reading Senate Holds Hearing on Newly Introduced ‘Cybersecurity Act of 2012’