Talks heat up behind cybersecurity law

Senior Senate staff members are working on cybersecurity legislation.

Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), the chairman and ranking member, respectively, of the Senate Homeland Security and Governmental Affairs Committee, introduced the Protecting Cyberspace as a National Asset Act of 2010 last June. The committee approved the legislation by voice vote in December, but it died in the full Senate.

Senators are beginning talks on pushing cybersecurity legislation, hoping for a successful run this time.

Top Senate staff members have been in discussions for several weeks, working to parse language from at least two separate cybersecurity bills that were introduced but not passed in the previous Congress, while senators have just joined the talks, according to Molly Wilkinson, counsel for the Senate Homeland Security and Governmental Affairs Committee.

“Senior leadership in the Senate is working toward the issue of cybersecurity and how to address it,” Wilkinson said March 17 during a panel discussion at the Coalition for Government Procurement’s Spring Conference. However, she added that the talks were in the beginning stages.

Related stories:

Lieberman: No kill switch in new bill

Cybersecurity solution needs better partnerships, not more rules, group says

A similar bill, the Cybersecurity Act of 2010, was introduced by Sens. John Rockefeller (D-W.Va.), chairman of the Commerce Committee, and Olympia Snowe (R-Maine), a committee member, in April 2009. The panel approved the legislation, but the Senate never acted on it.

Now, Wilkinson said, staff members from the two committees, as well as the intelligence committee and others, are trying to find the best of both bills and merge them into one.

The Lieberman-Collins bill would create both an office in the White House to deal with cyberspace policies and a National Center for Cybersecurity and Communications (NCCC) at the Homeland Security Department. The NCCC would help drive strategies regarding cybersecurity while considering the government’s critical infrastructure. Also, the legislation would have the Office of Personnel Management reform the way it recruits employees for cybersecurity positions and require acquisition offices to develop protections against threats that may sneak in through the supply chain.

The Rockefeller-Snowe legislation would bolster the cybersecurity workforce by developing training and certification requirements. It would require the president to develop ways to prepare the federal government for a cyberattack, including defining federal cybersecurity employees’ responsibilities in case of an attack. The government would need to partner with the private sector on an advisory panel to keep up with trends in research and new concerns about the government’s ability to respond appropriately to attacks, among other issues.

The fiscal 2011 National Defense Authorization Act, which became law in January, also included cybersecurity provisions, including pilot projects, provisions for buying safe computer software, and strategies for acquisition and oversight of the Defense Department’s cyber warfare abilities.

Three months into the new Congress, a number of bills regarding cybersecurity have been introduced.