Republican senators introduce their own cybersecurity bill

The SECURE IT Act won't create new regulations for U.S. businesses, its sponsors say

Seven senior Republicans in the U.S. Senate have introduced cybersecurity legislation after saying that an earlier bill would create costly regulations for businesses.

The sponsors of the new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act also complained that they did not have enough input on the earlier legislation.

The Republican senators, including John McCain of Arizona, Kay Bailey Hutchison of Texas and Chuck Grassley of Iowa, introduced the SECURE IT Act on Thursday. They touted the bill as a less regulatory alternative to the Cybersecurity Act, a bill introduced by two Democrats, an independent and a Republican in February.

"The SECURE IT Act strengthens America's cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks," McCain said in a statement. "This legislation will help us begin to meet the very real threat of cyber attack."

The Cybersecurity Act would allow the secretary of the U.S. Department of Homeland Security to designate some private networks as critical infrastructure and require them to submit security plans to the agency. But the SECURE IT Act has no such regulations, instead focusing on encouraging private companies and the federal government to share more information about cyberthreats, sponsors said.

The new bill would give legal protections to private groups that share information about cyberthreats. The older bill also includes some information-sharing provisions, but critics have said legal protections would cover only businesses that share information with the U.S. government.

The new bill would also increase the prison terms for many cybercrimes, with the prison sentence for knowingly accessing a computer without authorization and obtaining national defense information increased from 10 to 20 years. The penalty for intentionally accessing a federal computer without authorization or a computer containing financial records would increase from one to three years, or from five to 10 years if the offense was committed for purposes of private financial gain.

The Cybersecurity Act does not change criminal penalties.

"Our bill represents a new way forward in protecting the American people and the country's cyber infrastructure from attack," Grassley said in a statement. "It's a bill that can be supported by all partners that have an interest in cybersecurity. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers' wallets close."

Some groups had expressed concern that the new bill would allow the U.S. National Security Agency to monitor U.S. networks in the name of cybersecurity. The SECURE IT Act does not expand the NSA's role, however.

The sponsors of the competing Cybersecurity Act, including Senator Joe Lieberman, a Connecticut independent, said they were "encouraged" by lawmakers' recognition of the need for new cybersecurity legislation.

Trade groups the United States Telecom Association (USTelecom), CTIA and TechAmerica all praised the new bill. TechAmerica, in a statement, encouraged the sponsors of the two bills to work together "to create the best possible, bipartisan framework to enhance our nation's cybersecurity."

USTelecom said it can support the new bill because it could strengthen cybersecurity "without creating new bureaucracies or regulatory mandates that would erode, rather than enhance, the ability of network providers to provide nimble and effective responses to cyberthreats."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

More about CTIAHutchisonIDGNational Security AgencyNSATechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts