Sens. Rockefeller and Snowe debut new draft of federal cybersecurity legislation

Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) unveiled the latest draft of their cybersecurity bill on Wednesday, a 62-page set of instructions specifying how the federal government would respond to a massive network security breach.

Among other provisions, the bill would establish a Senate-confirmed office to handle cybersecurity matters, replacing the ad hoc adviser President Barack Obama appointed in 2009.

ADVERTISEMENT
It would also enumerate the president's powers during national cybersecurity emergencies, establish new bridges for public-private security cooperation and set in place routine checks on the country's cybersecurity infrastructure, according to the legislation.

The bill arrives on the heels of two high-profile cyberattacks this year that in part targeted numerous U.S. businesses, including Google. 

It attempts to address many of the criticisms levied at the first draft of the legislation issued in 2009 by Rockefeller and Snowe, the chairman and ranking member of the Senate Commerce Committee, respectively.

However, it remains unclear whether the revisions go far enough, as a number of the original bill's most contentious elements remain in the new proposal — though in a slightly different form.

Chief among them is the bill's section on White House emergency powers at times of cyberattacks.

The legislation introduced in the Senate on Wednesday would require federal agencies to work with private entities to draft "collaborative emergency response and restoration plans."  Those documents — which would "clarify specific roles, responsibilities, and authorities of government and private sector actors" during a nationwide cybersecurity incident — would become effective if the president ever declared a "national cybersecurity emergency," according to the bill.

Earlier versions of the language piqued privacy groups, which felt the bill would have granted the president too much power to regulate the Internet, even during an attack on the scale of a cyberwar.

Consequently, Rockefeller and Snowe adjusted their language slightly in an attempt to assuage concerns, adding a new requirement that the president report to Congress within 48 hours why the White House declared an emergency and how long it would last.

Rockefeller's office later stressed those rules already exist in federal law. But it remains unclear whether the latest changes can satisfy unhappy lawmakers and interest groups.

Nevertheless, other components of the bill are bound to be far less contentious. The legislation calls for a biennial cybersecurity review, modeled after the quadrennial study the Defense Department must undertake, and it authorizes new programs to increase the public's computer security literacy. Both mimic efforts other lawmakers have pitched in recent months.

“The networks that American families and businesses rely on for basic day-to-day activities are being hacked and attacked every day," Rockefeller said Wednesday in a statement. “This 21st century threat calls for a robust 21st century response from our government, our private sector and our citizens."

With Rockefeller, Snowe later stressed their bipartisan proposal is essential for safeguarding the country's Web infrastructure, and the private utilities and businesses that depend on it.

“The Rockefeller-Snowe initiative seeks to bring new high-level governmental attention to developing a fully integrated, thoroughly coordinated public-private partnership,” Snowe said. “It is imperative that the public and private sectors marshal our collective forces in a collaborative and complementary manner to confront this urgent threat.”