McCain promises GOP alternative to ‘super regulator’ cybersecurity bill

Josh Peterson Contributor
Font Size:

Republican senators announced their intention to introduce a competing cybersecurity bill last Thursday to counter a recently introduced Democratic bill that would expand the Department of Homeland Security’s authority. The GOP plan will reportedly instead grant new powers to the U.S. Cyber Command and the National Security Agency.

In an opening statement before the Senate Homeland Security and Government Affairs Committee (HSGAC) on Thursday, Arizona Republican Sen. John McCain announced that he and several other Republican senators would introduce the bill after the President’s Day recess.

Advocates of the Democratic bill — the Cybersecurity Act of 2012, also called the Lieberman/Collins bill — emphasized the urgent need for adequate legislation to address unforeseen threats to the nation’s critical infrastructure.

“The Cybersecurity Act of 2012 would require the Department of Homeland Security to conduct risk assessments of the nation’s core critical infrastructure before determining which should be covered by the bill,” HSGAC said in a statement released Thursday.

“DHS would then work hand in glove with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, based on current standards or industry practices.”

HSGAC said the bill is “the result of at least three years of intensive work and scores of hearings — 10 in just HSGAC since 2005. Both HSGAC and the Commerce Committee passed similar legislation in the last Congress.” (RELATED: Full coverage of the tech world)

McCain, however, criticized the time frame in which the bill was brought before the Senate, the policy and the cost of the proposal, calling it “hurried.”

“To suggest that this bill should move directly to the Senate Floor because it has ‘been around’ since 2009 is outrageous. First, the bill was introduced two days ago,” said McCain.

McCain relayed concerns voiced by General Keith Alexander, Commander of U.S. Cyber Command and the Director of the NSA, that cyber threats must be seen and addressed in real-time. Both cyber command and the NSA, while possessing the technical expertise required to deal with future cyber threats, does not have the legal authority to do so.

McCain warned that the Democratic bill would turn DHS into a “super regulator.”

“Additionally, if the legislation before us today were enacted into law, unelected bureaucrats at the DHS could promulgate prescriptive regulations on American businesses — which own roughly 90 percent of critical cyber infrastructure,” said McCain.

Republican Sens. Kay Bailey Hutchison, Chuck Grassley, Saxby Chambliss, Lisa Murkowski, Jeff Sessions, Mike Enzi and McCain sent a letter to Reid several days prior to the hearing, asking him not to “bypass regular order on the Lieberman/Collins cybersecurity bill.”

Reid had previously promised to bring the Democratic bill to the Senate floor for a vote regardless of whether it had received consensus approval.

The Republican proposal, according to McCain, would aim to improve “information sharing among the private sector and government; updating our criminal code to reflect the threat cyber criminals pose; reforming the Federal Information Security Management Act; and focusing federal investments in cybersecurity; our nation will be better able to defend itself against cyber attacks.”

HSGAC Chairman Sen. Joe Lieberman, independent of Connecticut, said that he was “heartened” that Republicans planned to introduce their own cybersecurity proposal because to him “it feels like September 10, 2001.”

Follow Josh on Twitter