Seven Republican U.S. senators introduced their own cyber security legislation after saying an earlier bill would create costly regulations for businesses.
The sponsors of the new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act also complained they did not have enough input on the earlier legislation.
The Republican senators, including John McCain of Arizona, Kay Bailey Hutchison of Texas and Chuck Grassley of Iowa, introduced the SECURE IT Act late last week. They said the bill was a less regulatory alternative to the Cybersecurity Act, a bill introduced by two Democrats, an independent and a Republican in February.
“The SECURE IT Act strengthens America’s cyber security by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks,” McCain said. “This legislation will help us begin to meet the very real threat of cyber attack.”
The Cybersecurity Act would allow the secretary of the U.S. Department of Homeland Security to designate some private networks as critical infrastructure and require them to submit security plans to the agency. But the SECURE IT Act has no such regulations, instead focusing on encouraging private companies and the federal government to share more information about cyberthreats, sponsors said.
The new bill would give legal protections to private groups that share information about cyberthreats. The older bill also includes some information-sharing provisions, but critics have said legal protections would cover only businesses that share information with the U.S. government.
The new bill would also increase the prison terms for many cybercrimes, with the prison sentence for knowingly accessing a computer without authorization and obtaining national defense information increased from 10 to 20 years. The penalty for intentionally accessing a federal computer without authorization or a computer containing financial records would increase from one to three years, or from five to 10 years if the offense was committed for purposes of private financial gain.
The Cybersecurity Act does not change criminal penalties.
“Our bill represents a new way forward in protecting the American people and the country’s cyber infrastructure from attack,” Grassley said. “It’s a bill that can be supported by all partners that have an interest in cyber security. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers’ wallets close.”
Some groups had expressed concern that the new bill would allow the U.S. National Security Agency (NSA) to monitor U.S. networks in the name of cybersecurity. The SECURE IT Act does not expand the NSA’s role, however.
The sponsors of the competing Cybersecurity Act, including Sen. Joe Lieberman, a Connecticut independent, remained “encouraged” by lawmakers’ recognition of the need for new cyber security legislation.