The latest version of S 773, the Senate Commerce, Science and Transportation Committee’s cyber security legislation, is expected to be approved by the Committee on Wednesday. The Internet Security Alliance (ISA) has announced its support for the new version of the bill, which removed the previously controversial “kill switch” for the Internet and cut out the federally mandated cyber standards for the private sector.
In a letter to the Committee, Larry Clinton, President of ISA, wrote, “The approach reflected in the current draft is a vast improvement over the government centric, regulatory-mandate framework reflected in the initial version.”
If passed by the Committee, this will be the first cybersecurity bill to be approved by a Congressional Committee. The new version of the bill also removes the plan to announce publicly which sections of the critical infrastructure were most vulnerable to cyber attack.
“The Internet Security Alliance wishes to express its gratitude to Senators Rockefeller and Snowe for calling attention to the severe and growing cyber security problems our nation faces by introducing S 773,” Clinton wrote. “ISA also wishes to commend Committee staff for their exhaustive efforts over the past year or more to bring the draft Cybersecurity Act of 2010 to where it is today.”
Despite its support, ISA believes there are still areas for improvement in the bill. ISA believes that the current bill’s prescription for an audit of private sector security in some sectors of the critical infrastructure would prove ineffective. It “undermines cybersecurity by draining resources that could otherwise be put towards substantive security activities,” Clinton wrote.
He continued, “The current draft of S 773 exacerbates this problem by piling additional audit requirements on elements of the private sector without any promise that the audits will result in any improvements in security, or even that we will have the massive number of qualified auditors to conduct these redundant examinations.”
The letter also called for the bill to be altered to address incentive programs more effectively.
“ISA believes much more ought to be done to stimulate the cyber insurance industry to transfer the current massive financial risk the American taxpayer faces from the prospect of a major cyber event,” Clinton wrote. “Greater use of cyber insurance can also motivate adoption of improved security practices by private enterprise and provide a private sector funded mechanism to monitor adoption of adequate cyber security procedures throughout the business community.”
Additionally, the letter called for the inclusion of the tax incentives and liability reforms advanced in the 60 Day Cyberspace Policy Review written by Melissa Hathaway. However, the letter recognizes that, given the way Congress is designed, several of these recommendations could not be included by the current Committee.
The final area of concern for ISA is the “breadth of enterprises that the current bill will bring under its umbrella.”