OVERNIGHT TECH: Cybersecurity debate finally under way

THE LEDE: After months of meetings behind closed doors, the debate over cybersecurity legislation in the Senate went public Tuesday with the introduction of a comprehensive bill from the leadership of the Senate Homeland Security and Commerce Committees. The legislation would reform the law governing how federal agencies secure their networks, encourage information sharing between the public and private sectors on cyber threats, and implement some light-touch regulations on private firms deemed crucial to national security.

The provision that would empower the Department of Homeland Security to ensure critical infrastructures are complying with security performance requirements has drawn the most scrutiny. Tech industry representatives have expressed concern about the potential cost of implementation, and have argued they know better than the government how best to secure their networks. Seven Republicans sought to delay the bill on Tuesday by urging Senate Majority Leader Harry Reid (D-Nev.) to allow all of the relevant committees to hold hearings on the legislation.

ADVERTISEMENT
But cybersecurity experts who have reviewed the bill say contractors' lobbying efforts have already gutted many of the measures to secure the nation's networks. Center for Strategic and International Studies Director James Lewis said the high thresholds for covered critical infrastructure and exclusions for commercial IT are problematic. SANS Institute research director Alan Paller said a handful of tech industry representatives have been able to pump the bill so full of loopholes that its protections have been "decimated. But cybersecurity is still a young policy issue, so the passage of any legislation will likely be viewed as a political win.

Reactions:

"The six [tech industry representatives] demanded so many loopholes in the draft bill that it ought to be renamed the "Chinese cyber espionage protection act," because it enables attackers while hamstringing defenders; and they continue to demand more loopholes. These six people, had they worked for the auto industry in Washington in the 50s, would have said, 'requiring seat belts in cars is government over-regulation, but we are patriots here to protect the American people, so we will support the bill, as long as it applies only to cars with three wheels.'" — Alan Paller, SANS Institute

“It’s too bad that Republicans would so blatantly try and drag their heels on a bill as important as cyber security. To try and go back to the drawing board at this point in the process is an insult to members who have met often and worked hard to reach consensus during the last two years. If they aren’t interested in getting a bill done now, it’s unclear whether they ever will.” — spokesman for Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.)

"TechAmerica remains committed to further refinement of the legislation to ensure the private sector has a strong voice at the table. We hope that Congress will follow the tenet of first, do no harm, while being mindful that legislating on a complex technical issue of cybersecurity can have many possible unintended consequences. It is paramount that we preserve industry’s ability to continue to innovate and be flexible to respond to the evolving cyber threat landscape.” — Dan Varroney, acting president and CEO of TechAmerica

On tap Wednesday: The Federal Communications Commission will hold its monthly meeting and consider regulations to protect consumers from unwanted robocalls. The proposed rules would require consumers to have given prior consent before receiving robocalls, and would allow them to easily opt out of receiving further robocalls. The commission will also discuss streamlining the licensing rules for cellular service and expanding outage reporting to Voice over Internet Protocol (VoIP) providers.

Signing off: This will be my last edition of Overnight Tech. Brendan Sasso will bring you all the tech news you need from here on.

Follow Gautham on Twitter. Brendan Sasso contributed to this post.