With a few quips and calls for actions, but no controversy, the Senate Commerce, Science and Transportation Committee on Tuesday approved a marked-up cybersecurity bill.
The Cybersecurity Act of 2013 — discussed at length in a Senate hearing last week — would codify a voluntary set of cybersecurity standards for private companies, boost cybersecurity research and development and establish new cyberworkforce education programs. The bill’s sponsor, committee Chair Jay Rockefeller, D-W.Va., said the bill “takes some important steps,” but called on his Senate colleagues to keep walking.
“We’re one of three committees handling this; we’re just putting it out first,” Rockefeller said with a smile. “I just wanted to say that.”
The bill’s co-sponsor, John Thune, R-S.D., echoed Rockefeller’s comments, more directly calling on the Intelligence Committee and Homeland Security Committee to act on their areas of cybersecurity oversight. Intelligence oversees public-private information sharing; Homeland Security oversees federal information security.
Thune called on Intelligence to put forth “bipartisan, consensus legislation to promote robust sharing of cybersecurity information with strong liability protections,” to protect companies from indictment for some cyberdefense actions. He also called for Homeland Security to update the Federal Information Security Management Act of 2002.
As the bill moved from discussion to draft form, lawmakers have emphasized the private industry support for the measure. Tuesday was no different, with Thune submitting nearly two dozen industry letters of support. Trade organizations across numerous industries — manufacturing, telecommunications, finance, electric — have indicated their support.
“Our bill takes some important steps to help our private companies and government agencies to defend their networks against these adversaries,” Rockefeller said.