Washington, DC - U.S. Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC) today introduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), their proposal to protect and secure our nation against cybersecurity attacks.
“The SECURE IT Act strengthens America’s cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks,” said Senator John McCain. “This legislation will help us begin to meet the very real threat of cyber attack.”
“We are all in agreement that we need to make our nation’s cybersecurity a top priority. I believe we have come up with a strong common sense approach that will help prevent the spread of cyberattacks from network to network and across the Internet, by removing barriers to sharing information about threats, attacks, and strategies for improvement,” Senator Hutchison said. “Our bill focuses on giving businesses the tools they need to protect themselves from the looming threat of cyber criminals, and increased requirements for notification of threats to federal agencies.”
“As our nation faces increasing cyber attacks in a critical economic environment, we must ensure that the private sector has the authority it needs to defend its own networks and share cyber threat information to prevent future attacks,” Senator Chambliss said. “Now is not the time for Congress to be adding more government, more regulation, and more debt – especially when it is far from clear that any of it will enhance our security. Our bill offers the right solution to improving our nation’s cybersecurity by encouraging collaboration, investment, and innovation.”
“Our bill represents a new way forward in protecting the American people and the country’s cyber infrastructure from attack. It’s a bill that can be supported by all partners that have an interest in cybersecurity. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers’ wallets close,” said Senator Grassley.
“Rather than arming Homeland Security with expansive new regulatory authority over every sector of our economy, the SECURE IT cyber bill we’ve introduced today emphasizes a partnership approach between the government and private entities. By focusing on those areas like information sharing where bipartisan agreement is achievable, we can tackle the cyber issue in a meaningful and constructive way,” said Sen. Murkowski.
“After September 11, we broke down the barriers to information sharing and provided our intelligence and law enforcement professionals with the tools they need to keep us safe. Today, we must break down similar barriers that exist in cyber security to respond to the increasing number of attacks against private companies and the federal government,” said Senator Coats. “The SECURE IT Act will enable robust information sharing without creating costly layers of government bureaucracy or imposing new regulatory burdens on American businesses.”
“This bill recognizes that industry is at the center of any solution. It's a sensible step forward that allows industry to invest in innovation and job creation rather than compliance. Imposing a costly and bureaucratic regulatory regime is the wrong approach to national security. New regulations will slow down innovation and investment while companies wait years for the government to introduce outdated standards,” said Sen. Johnson. “The regulatory process simply cannot keep up with the rapid pace of technology.”
“Cyber security is essential to our national security, and this bill takes a step in the right direction to ensure that our nation has the proper defenses in place to address threats to our nation’s systems and infrastructure. This bill takes fiscally responsible measures to protect against cyber threats by enhancing research and development, updating enforcement tools and penalties to reflect current threats, and promoting voluntary information sharing between the public and private sector without creating unnecessary bureaucracy or regulations,” said Senator Burr.
Co-sponsors of the proposal are U.S. Sens. John McCain, Ranking Member of the Senate Armed Services Committee, Kay Bailey Hutchison, Ranking Member of the Senate Commerce, Science, and Transportation Committee, Chuck Grassley, Ranking Member of the Senate Judiciary Committee, Saxby Chambliss, Vice Chairman of the Senate Select Committee on Intelligence, Lisa Murkowski, Ranking Member of the Senate Energy and Natural Resources Committee, Dan Coats, Ranking Member of the Senate Appropriations Subcommittee on Homeland Security, and Ron Johnson, Ranking Member of the Senate Homeland Security Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, and Richard Burr, Ranking Member of the Senate Veterans Affairs Committee.
The SECURE IT Act will:
• Improve cybersecurity by collaborating with industry and eliminating barriers to enhanced information sharing.
• Create expedited information sharing for private sector using existing structures and reporting relationships.
• Require federal contractors who provide telecommunications or cybersecurity services for the federal government to report to the government cyber threat information related to those services.
• Strengthen criminal statutes for cyber crimes.
• Update the Federal Information Security Management Act (FISMA) and preserve the roles of the National Institute of Standards and Technology (NIST) and the Department of Commerce in disseminating security standards for the federal government.
• Leverage and strengthen existing programs in cybersecurity research and development.
Here is a copy of the text of Grassley’s statement at today’s press conference.
The group you see here today saw a need to develop cybersecurity protections that focused on avoiding new federal government bureaucracies, reforming existing programs, and not adding additional, burdensome regulations that may stifle innovation and growth in the private sector.
We felt the best approach was to focus on strengthening Cybersecurity defenses. We do this by coordinating the public and private sectors to work together.
Creating a collaborative partnership between the private sector and the federal government will foster an information sharing system that helps detect, eliminate, and prevent cyber threats.
Our legislation is something that all partners involved in protecting our cyber networks can fully stand behind.
As the Ranking Member of the Judiciary Committee, I have focused my involvement on the criminal law provisions, legal barriers to information sharing, civil liberty and privacy protections, as well as whistleblower protections.
Our bill will break down the legal barriers, such as antitrust and liability issues. In the past, these barriers prohibited business and industry from sharing cyber threat information with the government or industry partners. The bill includes provisions to ensure that confidentiality and personal privacy are engrained in the information sharing. It also includes a provision ensuring that no preexisting whistleblower protection law is changed by this legislation. We also update criminal statutes and streamline the existing, confusing penalty structure in the Computer Fraud and Abuse Act. And, it reins in prosecutions. These prosecutions have raised concerns by advocates on both sides of the political spectrum. If left unchanged, they could lead to average citizens being prosecuted as federal felons.
Beyond the Judiciary Committee provisions, and very importantly, our legislation adheres to our core principle of keeping the government’s regulatory reach out of the private sector. We avoid complicated regulatory regimes that will stifle innovation and job growth.
Our approach has been laid out for many months. It achieves consensus and can gain the support of many Senators.