Sen. Carper Commends Introduction of Cybersecurity Act of 2012

WASHINGTON – Today, Sen. Tom Carper (D-Del.), a senior member of the Homeland Security and Governmental Affairs Committee, commended the introduction of the Cybersecurity Act of 2012 (S. 2105), bipartisan legislation that would guard against the nation’s increasing vulnerability to cyber attack and secure the cyber systems of the essential services that keep our nation running.

The Cybersecurity Act of 2012 supports a public-private partnership to secure those systems which, if commandeered or destroyed by a cyber attack, could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.

“I welcome the introduction of this important legislation that will help better protect Americans and our critical infrastructure from cyber-related security threats,” said Sen. Carper. “Over the past decade, our society has become increasingly dependent on the Internet, including our military, our government, and businesses of all kinds. While we have reaped enormous benefits from this powerful technology, our enemies have unfortunately identified cyber space as an ideal 21st century battlefield. Challenges this big require a bold plan and a new way of thinking. This bill will transform our nation’s cybersecurity efforts and help us more effectively fight the rapidly evolving cyber threats we face today.

“This is an issue that I have been working on with my colleagues for several years, and I am encouraged that this legislation builds on those previous efforts and includes a number of measures that take necessary precautions to secure and protect the government networks that house Americans’ personal and sensitive information,” continued Sen. Carper. “The bill also includes an initiative that I have been pushing to invest in the next generation of American cyber experts by providing stronger cybersecurity training in our schools and universities. Furthermore, it provides for stronger research and development programs to help develop cutting edge technologies here at home, keeping us one step ahead of our adversaries. Our critical infrastructure is dependent upon the security and resiliency of America’s information infrastructure. That’s why it’s so important that we work in a bipartisan manner to get a strong bill on the President’s desk soon. I look forward to working with all my colleagues to help move this bill forward.”

The legislation reflects recommendations from companies and trade associations representing the information technology, financial services, telecommunications, chemical, and energy sectors, among others. National security, privacy, and civil liberties experts also provided essential counsel.

Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Ranking Member Susan Collins, R-Maine, Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca., are original sponsors of the legislation.

The Cybersecurity Act of 2012 would require:

  • The Department of Homeland Security (DHS) to assess the risks and vulnerabilities of critical infrastructure systems – whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life – to determine which should be required to meet a set of risk-based security standards. Owners/operators who think their systems were wrongly designated would have the right to appeal.
  • DHS to work with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practices. If a sector is sufficiently secured, no new performance requirements would be developed or required to be met.
  • The owners of a covered system to determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also be used to verify compliance, or an owner could choose to self-certify compliance.
  • Current industry regulators to continue to oversee their industry sectors.
  • Information-sharing between and among the private sector and the federal government to share threats, incidents, best practices, and fixes, while maintaining civil liberties and privacy.
  • DHS to consolidate its cybersecurity programs into a unified office called the National Center for Cybersecurity and Communications.
  • The government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.