GOP Senators revise cybersecurity bill

New version of SECURE IT takes less regulatory approach than Democratic-backed Cybersecurity Act, sponsors say

A group of Republican Senators introduced on Wednesday a revised version of a previously proposed bill that seeks to improve cybersecurrity through improved information sharing between private industry and government.

The new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT) is being proposed as a less regulatory alternative to another Senate bill called the Cybersecurity Act that was introduced earlier this year by Senate Democrats.

The main difference between the two bills is that the Republican version does not give any new regulatory authority to the federal government to set cybersecurity standards like the Democratic version does. The new version of SECURE IT also restricts the purposes for which government can retain and use cyber-threat information.

SECURE IT, backed by Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC), will allow companies to legally share real-time cyber-threat information from their networks with other industry stakeholders, law enforcement and government.

Security experts believe that such information sharing is vital to combating cyber attacks. The bill will also encourage investment in tools and skills for preventing and remediating cyber attacks.

In addition, SECURE IT seeks to strengthen criminal statutes against cyber crime and will require federal contractors to notify their government customers of any security incidents related to their service.

Many of the objectives are similar to those proposed in the Cybersecurity Act. What's different is that SECURE IT does not give the government any new regulatory authority.

The Democratic bill gives the United States Department of Homeland Security the right to evaluate the security practices of critical infrastructure operators. It would require operators that are found deficient in their security practices to work with the DHS to remedy the situation.

With SECURE IT, the focus is more on deterrence rather than regulation, the senators who sponsored the bill said on Wednesday in a statement.

"I have no faith that federal regulators should take the lead on cybersecurity," Sen. Johnson said in the statement. "The regulatory process simply cannot keep up with the rapid pace of technology. Rather than try to impose a comprehensive approach, we need to take this one step at a time -- building confidence between government and the private sector, and ensuring protections for civil liberties."

The revised version of SECURE IT tightens up the definition of cyber-threat information. It also spells out the responsibilities of government organizations and industry stakeholders when sharing cyber-threat information.

It includes language aimed at ensuring that federal agencies adopt and update security tools for combating cyber-threats. "The surest and quickest way to improve cybersecurity in this country is to leverage the capabilities and flexibility of the private sector instead of creating costly layers of government bureaucracy," Sen. Coats said in the statement.

House lawmakers passed their version of a similar information-sharing bill (H.R. 3523) in April. The bill, called the Cyber Intelligence Sharing and Protection Act ( CISPA), attracted considerable criticism from privacy advocates and others, who fear it will eviscerate privacy rights.

President Obama has threatened to veto any cybersecurity bill that lands on his desk containing the same provisions than CISPA does.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts