- The Foundry: Conservative Policy News from The Heritage Foundation - http://blog.heritage.org -

Heritage Cyber Chart: Cyber Legislation Compared

Posted By David Inserra On June 22, 2012 @ 12:16 pm In Security | Comments Disabled

Cybersecurity is a vital national security and economic issue. To better inform Congress, Heritage has assembled a cybersecurity chart [1] that seeks to lay bare many of the details of the competing cybersecurity bills, including CISPA, the Cybersecurity Act of 2012, and SECURE IT. While these bills contain many similarities, the differences make them vastly different in their approach, effectiveness, and cost.

The House of Representatives considered various proposals before approving the Cyber Intelligence Sharing and Protection Act (CISPA) in April. CISPA relies on voluntary information sharing [2] among and between the private sector and the government. Heritage released a number of reports [3] on CISPA, including our final analysis [4] of the bill after passage.

Though it started as a strong bill, certain key changes—including the weakening of liability protection and the addition of artificial restrictions on use—made the bill significantly weaker in accomplishing information sharing. CISPA’s general premise of encouraging information still remains, though, and could be improved in conference.

The Senate is currently ground zero for cybersecurity legislation, as two bills battle for votes: the Cybersecurity Act of 2012, by Senators Joseph Lieberman (I–CT) and Susan Collins (R–ME), and the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT) by Senator John McCain (R–AZ). SECURE IT takes a similar approach to CISPA in encouraging voluntary information sharing, but so far it includes stronger liability protections, which is a critical improvement.

Opposed to SECURE IT, the Cybersecurity Act of 2012 uses a different strategy [5] to achieve cybersecurity. Though it includes information-sharing provisions (albeit weaker than SECURE IT), the main focus of the bill is on regulating critical infrastructure. The bill would set in motion a process to determine which facilities and networks need cybersecurity improvements and then require those networks to improve their cybersecurity to some level. Though the Cybersecurity Act tried to be creative in its regulatory efforts, it still faces critical problems of adaptability, cost, and cost-effectiveness.

The Heritage cyber chart describes the position of each bill on information sharing, the role of the government, and costs and regulations that each bill would impose. Before Congress acts, it should closely consider how well each provision improves our security and how cost effective it is.


Article printed from The Foundry: Conservative Policy News from The Heritage Foundation: http://blog.heritage.org

URL to article: http://blog.heritage.org/2012/06/22/heritage-cyber-chart-cyber-legislation-compared/

URLs in this post:

[1] cybersecurity chart: http://www.heritage.org/research/factsheets/2012/06/comparison-of-cybersecurity-legislation

[2] relies on voluntary information sharing: http://www.heritage.org/research/reports/2012/01/rogers-ruppersberger-bill-a-solid-cybersecurity-approach

[3] a number of reports: http://www.heritage.org/research/reports/2012/04/cyber-intelligence-sharing-and-protection-act-promotes-cybersecurity

[4] final analysis: http://www.heritage.org/research/reports/2012/05/cyber-intelligence-sharing-and-protection-act-disappoints-in-the-end

[5] a different strategy: http://www.heritage.org/research/reports/2012/03/senate-cybersecurity-bill-not-ready-for-prime-time

Copyright © 2011 The Heritage Foundation. All rights reserved.