Revised cybersecurity bill introduced

Senate Homeland Security Committee leaders Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsDemocrats search for 51st net neutrality vote Overnight Tech: States sue FCC over net neutrality repeal | Senate Dems reach 50 votes on measure to override repeal | Dems press Apple on phone slowdowns, kids' health | New Android malware found Overnight Regulation: Dems claim 50 votes in Senate to block net neutrality repeal | Consumer bureau takes first step to revising payday lending rule | Trump wants to loosen rules on bank loans | Pentagon, FDA to speed up military drug approvals MORE (R-Maine) introduced a revised version of their cybersecurity bill on Thursday.

The latest version of the bill includes elements of a voluntary program outlined in a compromise framework drafted by a bipartisan group of senators led by Sens. Sheldon WhitehouseSheldon WhitehouseSenate Finance Dems want more transparency on trade from Trump Trump, Kushner meet with advocates on prison reform Democrats search for Russians — any Russians — for collusion story MORE (D-R.I.) and Jon Kyl (R-Ariz.).

ADVERTISEMENT
“While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation’s most critical infrastructure and with it our national and economic security," said Lieberman. “We responded after the 9/11 attacks to improve our security. Now we must respond to this latest challenge before a cyber 9/11 occurs.”

Senate Majority Leader Harry ReidHarry Mason ReidDems search for winning playbook Dems face hard choice for State of the Union response The Memo: Immigration battle tests activists’ muscle MORE (D-Nev.) on Thursday put the new version of the bill on the Senate calendar.

The revised bill proposes to establish a multi-agency council, called the National Cybersecurity Council, that would assess the risks and vulnerabilities found in computer systems of critical infrastructure. The council would be chaired by the Homeland Security Secretary and include members from the Pentagon, Department of Commerce, Justice Department, intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors.

The critical-infrastructure section of the bill no longer requires companies that operate critical infrastructure to meet a set of security standards and incorporates some of the ideas proposed in the Whitehouse-Kyl framework. Instead, critical-infrastructure operators could elect to participate in a voluntary cybersecurity program where they can show through self-certification or a third-party assessment that they meet a set of cybersecurity practices in exchange for incentives. Those voluntary cybersecurity practices would be developed by private industry groups but reviewed and approved by the council. 

However, infrastructure that is deemed critical — or would result in mass casualties, devastating economic or systemic damage if disabled — would be required to report if a significant cyber incident hit its computer systems. That type of incident would include the "exfiltration of data" or "the defeat of an operational control or technical control" that is key to operating and securing the infrastructure. 

The other bill co-sponsors listed are Sens. Jay RockefellerJohn (Jay) Davison RockefellerOvernight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term Obama to preserve torture report in presidential papers MORE (D-W.Va.), Dianne FeinsteinDianne Emiel FeinsteinDHS chief takes heat over Trump furor NSA spying program overcomes key Senate hurdle Democrats will need to explain if they shut government down over illegal immigration MORE (D-Calif.) and Tom CarperThomas (Tom) Richard CarperSenate Finance Dems want more transparency on trade from Trump Overnight Energy: California regulators vote to close nuclear plant | Watchdog expands Pruitt travel probe | Washington state seeks exemption from offshore drilling plan Overnight Regulation: Fight erupts over gun export rules | WH meets advocates on prison reform | Officials move to allow Medicaid work requirements | New IRS guidance on taxes MORE (D-Del.).

The revised version also included additional privacy and civil liberties safeguards, which were hailed by privacy advocates.

The American Civil Liberties Union had previously argued that the information-sharing section of the bill would increase the flow of Americans' personal information to the military and National Security Agency. But Michelle Richardson, a legislative counsel at the ACLU's Washington office, noted in a blog post that the revised bill would "ensure that companies who share cybersecurity information with the government give it directly to civilian agencies, and not to military agencies" like the NSA. 

Richardson lauded the changes made to the bill and noted that it included tighter language that restricted how the government can use the cyber-threat information it collects.   

Feinstein, who oversaw the crafting of the bill's information-sharing section, said she believes the revised bill is stronger thanks to the new changes.

“We have worked very closely with Senate colleagues, privacy groups and industry to strengthen the bill’s privacy protections without undermining the fundamental goal of improving information cybersecurity sharing," Feinstein said in a statement. "I believe the bill is stronger as a result of these changes.”

A group of Senate Republicans, including Sens. John McCainJohn Sidney McCainMcCain rips Trump for attacks on press NSA spying program overcomes key Senate hurdle Meghan McCain says her father regrets opposition to MLK Day MORE (Ariz.) and Kay Bailey Hutchison (Texas), had opposed the earlier version of the bill because it mandated private-sector critical-infrastructure operators to meet security standards. McCain and others introduced a rival bill that focused on improving information-sharing about cyberthreats instead.

A GOP aide called the introduction of the revised bill "more of a political exercise than anything else" and added that "the conversations between the offices continue."

In a opinion piece published by The Wall Street Journal on Thursday, President Obama urged the Senate to pass Lieberman's cybersecurity bill.

"Today we can see the cyber threat to the networks upon which so much of our modern American lives depend," Obama wrote. "We have the opportunity — and the responsibility — to take action now and stay a step ahead of our adversaries."

Lieberman had said he expects the Senate to take up the cybersecurity bill by the end of next week.

This story was updated at 7:57 p.m.