Critical Infrastructure Protections ‘Essential’ to National Cybersecurity, Say Lieberman, Collins
It is “absolutely essential” for Congress to encourage better cybersecurity protection for America’s critical infrastructure sectors, Senate Homeland Security and Governmental Affairs Committee Ranking Member Susan Collins, R-Maine, told C-SPAN’s The Communicators in an interview scheduled to air Saturday. Committee Chairman Joe Lieberman, I-Conn., a co-sponsor of the Cybersecurity Act (S-2105), said on the same program that critical infrastructure protections must be included in Congress’s approach to cybersecurity.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
"We are simply not adequately defended,” Lieberman said. The nation’s privately-held critical infrastructure is “all very vulnerable now. If there was a major conflict with an enemy they would likely come at us first by cyberattack,” he said. “This is something that cries out for action,” said Collins. “If we adjourn without taking action on cybersecurity, shame on us. Because it is inevitable with the number of daily attacks … that we are going to face a serious cyberattack.”
Sen. John McCain, R-Ariz., recently proposed an alternative cybersecurity bill, the SECURE IT Act (S-2151), which intentionally omits any federal requirements for owners and operators of critical infrastructure to increase their cybersecurity protections (CD March 2 p8). Lieberman and Collins’ bill, S-2105, authorizes the Homeland Security secretary to identify where private sector performance requirements are inadequate and develop new performance requirements for owners and operators of covered critical infrastructure (CD Feb 15 p9).
The SECURE IT act is “inadequate … it doesn’t do the job,” Lieberman said. “We've got to convince our colleagues that at some point the government has got to say to an irresponsible business, that in the national interest you have got to meet these performance standards or we are all going to regret it.” Collins agreed: “I don’t know how you can say you are protecting the vital assets of our country and ignore the critical infrastructure.”
Lieberman said he’s open to negotiating on the other differences between the two bills. Three of SECURE IT’s provisions are already covered in S-2105, he said. “We may do them a little differently but we can negotiate on it. The fourth is criminal penalties, which I think we are open to.” The SECURE IT Act contains provisions to update the federal racketeering statute to include cybercrimes and enhance the penalty structure under the Computer Fraud and Abuse Act (CD March 2 p8).
Collins and Lieberman dismissed criticism that their bill is, in McCain’s words, “a bureaucratic Leviathan.” Other Senate Republicans are generally backing McCain’s measure. “There is nothing in this bill that has the federal government dictating the design of any measure to secure a system,” said Collins. “The government would simply set performance standards, but it would be up to industry on how to meet those standards.”
The bill is comparable to some of the public safety laws already in place, Lieberman said. “To say that this bill is over-regulation is like saying it’s over-regulation to require a developer who puts up an office building to meet certain safety standards in the construction of the building.”
"The bill has a sensible, regulatory regime that is completely collaborative with private industry,” Collins said. “It’s one where the Department of Homeland Security does not even review the security plans. We leave that up to the private sector to self-certify or get a third-party opinion.”
Lieberman could not say when S-2105 would go to the Senate floor for debate. “That is like predicting the weather in New England,” he said. But he acknowledged that Majority Leader Harry Reid, D-Nev., wants to move the bill soon. “This has become a priority for him … he told us he might bring it up in this work period … if not, I'm sure it will come up when we get back from the Easter/Passover recess in the middle of April. Hopefully we can get it then and send it to the House.”