Sen. Joe Lieberman has revised a bill to make mandatory cybersecurity provisions optional. Lieberman submitted the revised bill in hopes of getting Senate approval.
In a Wall Street Journal editorial published on Friday, President Barack Obama urged the Senate to pass S. 2105 , the Cybersecurity Act of 2012.
In its original form, the act would have required that companies designated as critical infrastructure, such as utilities and financial institutions, comply with cybersecurity standards established by the government. The bill would also have given the Department of Homeland Security the power to inspect private facilities designated as critical infrastructure to ensure that the cybersecurity standards were being met.
However, S. 2105 faced overwhelming opposition in the Senate, leading the bill’s sponsor, Sen. Joe Lieberman (I-CT) to revise the measure. Now, the bill offers incentives for companies to comply with the standards, such as liability protection relating to cybersecurity breaches, but contains no requirements for businesses.
In a statement announcing the revised bill, Lieberman said : “This compromise bill creates a public-private partnership to set cybersecurity standards for critical American infrastructure, and offers the reward of some immunity from liability to those who meet those standards. In other words, we are going to try carrots instead of sticks as we begin to improve our cyber defenses. This compromise bill will depend on incentives rather than mandatory regulations to strengthen America's cybersecurity. If that doesn't work, a future Congress will undoubtedly come back and adopt a more coercive system.”
Illustration from OperationPaperStorm/flickr