SECURE IT Act introduced in the House


Unlike the Lieberman-Collins bill, the Republicans’ SECURE IT Act would not give the Homeland Security Department the power to require that critical computer systems meet minimum security standards.

Supporters of the SECURE IT Act warn that new regulatory powers would burden businesses and grow the budget deficit. Instead, that measure focuses on encouraging private companies to share information about cybersecurity threats with the government and toughening penalties for online crimes.

“Under our legislation, our nation’s best and brightest minds will finally be freed to work hand-in-hand to share information, develop safety protocols and put into place critical early-warning systems —much like a Weather Service advisory before a tornado — but shared between companies and federal authorities," Bono Mack said in a statement. "And just as importantly, we can accomplish all of this during these difficult economic times without creating a new bureaucracy and spending money that we don’t have, while protecting consumer privacy at the same time.”

Blackburn said the bill puts "the private sector in the driver’s seat, instead of relying on overly prescriptive government mandates that hamper growth and weaken response capabilities."

Rep. Jim Langevin (D-R.I.) called SECURE IT "a thoughtful proposal for much-needed improvements in the sharing of cyber threat information," but said the bill would be a "major step backward" because it fails to give the government the power to set standards for critical infrastructure systems.

“The SECURE IT Act would inexplicably have us continue to rely on the voluntary actions of the owners and operators of our key industries, namely the electric grid and water companies. However, that approach has failed us over the last decade," Langevin said.

“It’s time to move beyond the fantasy that this problem will solve itself through good intentions. We need swift action to compel these companies to invest in our national security before it’s too late. Cybersecurity legislation without critical infrastructure protection is dangerously inadequate.”

--Updated at 4:28 p.m.