This is an official notice of the National Council of Investigation & Security Services, representing the investigative and security professions for 36 years.

NCISS
LEGISLATIVE UPDATE
February 14, 2012 
Comprehensive Cyber-Security Bill Introduced
Broad cybersecurity legislation was introduced by leaders of three powerful Senate committees today. The Cybersecurity Act of 2012 (S. 2105) could require industries designated as critical infrastructure to meet relevant performance standards.

Homeland Security Chairman Joseph Lieberman (D-CT), Commerce Committee Chairman Jay Rockefeller (D-WV), and Intelligence Chair Dianne Feinstein (D-CA) were joined by Senator Susan Collins (R-ME) in sponsoring the bill.

Majority Leader Harry Reid (D-NV) is expected to schedule the bill for consideration on the Senate floor after the Senate returns from the President's Day recess the last week of February. 
However, several Republican Senators have written to Senator Reid asking that each committee be given an opportunity to vote on the bill before it goes to the floor.

The primary concern of the Legislative Committee is that the bill may offer an opportunity for amendments, including data breach legislation, which could include some anti-pretexting language. We'll be watching this process carefully.

Here is the Homeland Security Committee's description of the bill:

 

The Cybersecurity Act of 2012 would require:

 

The Department of Homeland Security to assess the risks and vulnerabilities of critical infrastructure systems - whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life - to determine which should be required to meet a set of risk-based security standards. Owners/operators who think their systems were wrongly designated would have the right to appeal.

 

DHS to work with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practices. If a sector is sufficiently secured, no new performance requirements would be developed or required to be met.

 

The owners of a covered system to determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also be used to verify compliance, or an owner could choose to self-certify compliance. Current industry regulators to continue to oversee their industry sectors.

 

Information-sharing between and among the private sector and the federal government to share threats, incidents, best practices, and fixes, while maintaining civil liberties and privacy.

 

DHS to consolidate its cybersecurity programs into a unified office called the National Center for Cybersecurity and Communications.

 

The government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.

 


 

Keeping the profession informed,

Jimmie Mesis, LPI

NCISS Legislative Chairman

 

NCISS

7501 Sparrows Point Boulevard

Baltimore, Maryland 21219-1927

T-(800) 445-8408  F-(410) 388-9746

jim@nciss.org

 

(Permission granted to repost this message)