On February 14, 2012, S. 2105, the Cybersecurity Act of 2012, was introduced by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (Ind.-CT), Ranking Member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-CA).
The proposed Act does not include the controversial Internet “kill-switch” provision that hampered previous cybersecurity legislation. It keeps with the spirit of earlier legislative proposals by envisioning a public-private partnership for the protection of “critical infrastructure system,” a term broad enough to encompass any “system or asset” designated by the Secretary of the Department of Homeland Security (DHS) pursuant to a procedure set forth in the Act. Critical infrastructure could include any system or asset if damage to it could reasonably result in the interruption of life-sustaining services, catastrophic economic damage to the United States, or severe degradation of national security or its capabilities. Owners/operators who think their systems were wrongly designated would have the right to appeal.
Critical infrastructure would be required to be secured by staying regularly informed of cyber risks and threats, implementing measures that best satisfy cybersecurity performance requirements, and reporting significant cyber incidents affecting covered critical infrastructure. The owners of a covered system would determine how best to meet the performance requirements and verify compliance, either by using a third-party assessor or through self-certification. DHS would work with the owners and operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practice.
The bill would consolidate power under DHS in a unified office called the National Center for Cybersecurity and Communications. It would also reform the Federal Information Security Management Act (FISMA), which governs the federal government’s civilian systems.