On March 1st, 2012, Damon Poeter reported for PCMag on the new cybersecurity proposal from the Senate Republicans, the Secure IT Act. Offered as an alternative to the Cybersecurity Act of 2012 (CSA), the Secure IT Act is supposed to be the less regulatory, more business-friendly version of cybersecurity legislation. So what does it do?
Unfortunately, not much. According to the article, the proposal would mainly increase the penalties under criminal cybercrime statutes and would improve information sharing between the private and government sectors. As for the criminal statutes, Secure IT would update the Federal Information Security Management Act (FISMA). Moreover, "the National Institute of Standards and Technology and the Department of Commerce" will play a role in overseeing security standards. Apparently, Secure IT will require federal telecom and IT security contractors to report on cyber threats.
You can find the PCMag article here.
***
I'm more interested in what Secure IT lacks. The NSA is nowhere to be found. Remember that Sen. McCain, a sponsor of Secure IT, wanted more cybersecurity responsibility for the NSA; he even criticized the CSA on that basis. Putting the NSA in charge would certainly be controversial, but House Republicans were willing to do it with CISPA. Why not here?
Additionally, Secure IT doesn't seem to provide strong critical infrastructure protection. No critical infrastructure designations, no critical infrastructure regulation, nothing. Are we really going to defend critical infrastructure with only private sector incentives?
This proposal just seems really underwhelming. Even though Senate Republicans want to avoid strict regulation, the House Republicans were willing to put forward two strong bills (CISPA and the preCISE Act). Secure IT just won't cut it.
I'll post the text as soon as it is made available.