Leaders in the US Senate are trying to fast-track new cyber-security legislation that will create costly new regulations for some businesses, some critics said.
A plan by Senate Democrats to move the Cyber-security Act, introduced this week, directly to the Senate floor for a vote raises serious questions about the process and will lead to bureaucrats at the US Department of Homeland Security (DHS) writing regulations for businesses that control critical infrastructure, said Senator John McCain, an Arizona Republican, during a hearing on the bill.
The Cyber-security Act, introduced by four senators, would allow DHS to "promulgate prescriptive regulations on American businesses," McCain said. "The regulations that would be created under this bill authority would stymie job creation, blur the definition of private property rights and divert resources from actual cyber-security to compliance with government mandates."
Economic effects
The wide-ranging bill would require operators of so-called critical infrastructure networks to adopt cyber-security practices if evaluations by DHS find their security lacking. The legislation would cover operators of systems that, if compromised, would cause mass death, evacuation or major damage to the US economy.
The bill would allow owners of critical infrastructure systems to decide how best to meet the performance standards developed in cooperation with DHS.
McCain was among seven Republican senators who, in a Tuesday letter to Senate leadership, called for multiple hearings on the legislation. The Senate needs to have a serious discussion about whether DHS is the best agency to protect the US against cyber-attacks or whether the Department of Defence or National Security Agency might be better suited, McCain said.
Thomas Ridge, chairman of the National Security Task Force at the US Chamber of Commerce and a former US secretary of homeland security, also voiced opposition to the bill during the hearing, before the Senate Homeland Security and Governmental Affairs Committee. The bill does not appear to have a limit on what businesses DHS can designate as critical infrastructure, he said.
Cyber-security mandates may not be effective, Ridge added. "Frankly, the attackers and the technology move a lot faster than any regulatory body or political body will ever be able to move," he said.
Stripped-down bill
But supporters of the bill argued that new cyber-security measures are needed. Lawmakers have been working on a comprehensive cyber-security bill for years, and this legislation is a product of dozens of past hearings and meetings between lawmakers and business leaders, said Senator Joe Lieberman, a Connecticut independent and sponsor of the bill.
While critics call for delays, cyber-thieves are looting US businesses and government agencies, added Senator Susan Collins, a Maine Republican and co-sponsor. Sponsors made several changes to the bill in response to concerns from the Chamber of Commerce, she said.
"This bill is urgent," Collins said. "We can’t wait to act. We cannot wait until our country has a catastrophic cyber-attack."
Janet Napolitano, current secretary at DHS, and Stewart Baker, a former official at DHS and the NSA, both voiced support for the bill.
Although some critics have called for a stripped-down bill that deals mainly with security efforts at government agencies, "now is not the time for half-measures," Napolitano said.
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers