What's going on with the Cybersecurity Act of 2012?
by Berislav Kucan - Thursday, 26 July 2012.
This week we have witnessed a heated debate between US Senators who showed opposite opinions on the Cybersecurity Act of 2012, a bill aimed at regulating a number of important aspects related to defending critical infrastructure from cyber attacks.

The bill is sponsored by the independent Connecticut senator Joe Lieberman, chairman of the Senate Homeland Security Committee, and four of his Democratic colleagues, and it focuses on building a public-private partnership that would enable a higher level of protection for critical infrastructure in this day and age where cyber attacks are omnipresent.

The Cybersecurity Act of 2012 was first introduced back in February, but because of harsh criticism from both politicians and civil society organizations, the bill was pulled back to be rewritten.

The Electronic Frontier Foundation (EFF) - the digital rights advocacy and legal organization based in San Francisco - analyzed the February proposal and identified a number of privacy-related issues and problems that would empower the rise of a digital Big Brother.

The initial bill was based on over three years of legislative preparations and countless hours of consultations between the members of the Senate, but it seems a couple of extra months were needed to make the proposed law more acceptable to a larger number of decision makers.

Some of the notable changes in the revised legislation include a better specification of the term "cybersecurity threat" (which prevents broad interpretations and in some way pleases organizations fighting for privacy and free speech online), the swap of the word “required“ with “voluntary” when talking about participation of critical infrastructure owners in cybersecurity programs, and making the reporting of cyber security incidents related to the systems in question mandatory, since attacks against them can lead to catastrophic consequences.

The bill’s sponsors hoped to come to a bi-partisan consensus on the proposal, but even with all the revisions a number of initial critics are still against it.

One of the most vocal critics of the bill is the Senate Armed Services Committee ranking member John McCain. As the majority of USA's critical infrastructure is owned by the private sector, he is against any type of State intervention in things like setting up security-related standards.

The bill’s sponsors are trying to push for a vote on the legislation as soon as possible - Senator Lieberman even said that the bill won't survive if the Senate doesn't consider it before the upcoming August recess. In a floor speech, Mr. McCain clearly objected to this pressure and added a remark that "it is not the right way to move forward with little or no opportunity for debate and amendments".

President Barack Obama showed his clear support for the Cybersecurity Act of 2012 in an op-ed piece published a week ago in The Wall Street Journal. In the article titled "Taking the Cyberattack Threat Seriously,” the President considers a worst case scenario related to an attack on critical infrastructure and stresses that “the United States of America have the opportunity - and the responsibility - to take action now and stay a step ahead of their adversaries". Mr. Obama closed his piece by urging the Senate to pass the Cybersecurity Act of 2012.

The United States are constantly targeted with cyber attacks, but the situation for the current administration became even more complicated after New York Times' David E. Sanger, while announcing his new book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," confirmed that the USA and Israel are behind the Stuxnet worm. Stuxnet, as you probably know, was used for sabotaging the Iranian nuclear facility in Natanz – a move that supposedly regressed the country’s nuclear weapon production program up to three or four years.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th