Cybersecurity Bill Rhetoric Heats Up in Washington

President Barack Obama says foreign adversaries could seek to exploit U.S. computer vulnerabilities

Computer vulnerabilities and how they can affect Americans' security are on the agenda for the U.S. Senate, and strong rhetoric is being used to support new legislation.

The Cybersecurity Act of 2012 is expected to move to the Senate floor this week. The bill has the support of President Barack Obama, and it is being sponsored by Sen. Joseph Lieberman of Connecticut.

"The cyber threat to our nation is one of the most serious economic and national security challenges we face," Obama wrote in an op-ed in The Wall Street Journal on July 19.

The president said that foreign adversaries could seek to exploit U.S. computer vulnerabilities, taking down vital banking systems, and that could cause a financial crisis. Similarly, he said, "The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill."

Lieberman and four other co-sponsors of the cybersecurity bill recently introduced a revised version of the bill that has broader support than the prior version, which privacy advocacy groups such as the Electronic Frontier Foundation said included serious threats to civil liberties.

According to the EFF, major privacy protections added to the new bill ensure that:

  • Only civilian agencies will be in charge of U.S. cybersecurity systems, as opposed to the National Security Agency, which has been spearheading warrantless wiretapping for years.
  • Data won't be shared with law enforcement except in certain circumstances such as when it relates to a cybersecurity crime investigation or an imminent threat of death or serious bodily harm.
  • Data garnered from cybersecurity initiatives can't be used as evidence for other crimes such as copyright infringement or drug usage.
  • Constitutionally-protected free speech and terms of service violations won't be considered as threats to cybersecurity.

Even so, the EFF maintains that the new bill isn't perfect.

"Currently, the bill specifically authorizes companies to use cybersecurity as an excuse for engaging in nearly unlimited monitoring of user data or countermeasures (like blocking or dropping packets)," EFF says.

In his op-ed, the president wrote that the cybersecurity bill about to be considered in the Senate reflects input from industry and civil libertarians, has bipartisan support and is backed by homeland security, intelligence and defense leaders in Washington.

Check out the bill for yourself (PDF).

Follow Christina on Twitter and Google+ for even more tech news and commentary and follow Today@PCWorld on Twitter, too.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Christina DesMarais

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place