Senate Majority Leader Harry Reid, following a recent anti-piracy legislative debacle with SOPA and PIPA, will lead his second effort of 2012 to push Internet-regulating legislation, this time in the form of a new cybersecurity bill. The expected bill is the latest attempt by the Democrats to broadly expand the authority of executive branch agencies over the Internet.
Details about the bill remain shrouded in secrecy. Clues available to the public suggest that the bill might be stronger than President Barack Obama’s cybersecurity proposal, which was released in May 2011. Reid said that he would bring the bill — expected to come out of the Senate Homeland Security and Government Affairs Committee, chaired by Connecticut independent Sen. Joe Lieberman — to the floor during the first Senate work period of 2012.
A classified meeting behind closed doors in October 2011 between key Senate committee leaders with jurisdiction over cybersecurity and White House officials, took place at the request of the Obama administration. Lieberman, in an interview with The Hill in October, said that past Senate cybersecurity bills were considerably stronger than the White House proposal.
The White House proposal recommended that the Department of Homeland Security be given broad regulatory authority for cybersecurity matters over civilian networks. The White House proposal also recommends that the DHS program be “developed in consultation with privacy and civil liberties experts and with the approval of the Attorney General.”
A recent bill in the House – the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011 or PrECISE Act — also empowers DHS in the event of a cyberattack, but the bill has been criticized by Reid as not giving the agency enough power. PrECISE focuses on strengthening the information sharing component between private corporations and DHS by allowing a limited amount of information to be shared between the two.
Reid favors an approach that would expand DHS authority beyond currently regulated “critical infrastructure,” such as utilities and financial institutions, to also include Internet service providers and private networks. (RELATED: Full coverage of the tech industry)
“Lieberman said the turf war over which agency should be in charge of implementing the government’s cybersecurity plan has been largely resolved and there is a ‘broad consensus’ that DHS is best suited to the task, with technical and intelligence support from the military and National Security Agency,” reported The Hill.
Paul Rosenzweig, a visiting fellow at The Heritage Foundation, recently concluded that the NSA “does it better than DHS” when it comes to cybersecurity. Rosenzweig, who crafted policy inside of DHS, noted that the preference should be for a civilian agency to oversee a predominately civilian network, but it lacks the manpower to handle that responsibility. DHS recently announced a decision to hire 1,000 new cyber experts.
“But until these new experts are on board (and finding and hiring that many will be a long process), civilian defenses will have to rely on existing expertise that lies predominantly with NSA,” said Rosenzweig.
The NSA, at present, already works closely with financial institutions to battle hackers.
Reid sent a letter to Senate Minority Leader Mitch McConnell in November, which urged the need to act for fear of a major cyber attack, regardless of whether legislative working groups that have been working on this issue come to an agreement. McConnell replied with a letter of his own, advising Reid to introduce legislation that would have bipartisan support.
“Everyone wants to improve cybersecurity, but, if we’ve learned nothing else from previous legislation affecting the Internet, we know that an imposition of an overly broad regulatory regime of the Internet ecosystem will not sit well with the American people,” a Senate aide told The Daily Caller.