Senate to Take Up Infosec Bill in Early 2012Majority Leader Harry Reid to Schedule Floor Time for Debate
The Senate will begin debating comprehensive cybersecurity legislation early next year.
Senate Majority Leader Harry Reid, in a letter sent late Wednesday, informed Minority Leader Mitch McConnell of his decision to bring the legislation to the floor during the first work period of the 2012 legislative session. That's according to a statement issued by the leaders of the Senate Homeland Security and Governmental Affairs Committee, who praised the move.
Committee Chairman Joseph Lieberman, ID-Conn., Ranking Member Susan Collins; R-Maine, and Federal Financial Management Subcommittee Chairman Thomas Carper, D-Del., last February introduced the Cybersecurity and Internet Freedom Act, S. 413, which incorporates an array of IT security measures, and likely will be the focus of the debate (see Senate Bill Eyes Cybersecurity Reform).
That measure, as originally drafted, would establish a White House Office of Cyberspace Policy, with its Senate-confirmed director to have influence over agencies' IT security budgets. The bill also would reform the way IT security would be governed in the federal government, emphasizing real-time monitoring of government IT systems and a move away from paper-compliance under the Federal Information Security Management Act of 2002. The bill would require each agency to designate a qualified, senior official as chief information security officer.
S. 413 is one 20 cybersecurity-related bills introduced in the Senate this year; another dozen measures have been introduced in the House of Representatives, according to an analysis by Melissa Hathaway, the former White House official who spearheaded President Obama's cyberspace policy review in 2009 (see Evaluating the State of Infosec Legislation in Congress).
(Article continues after table.)
Cybersecurity reform, for the most part, has bipartisan support, but because of its complexity and other national priorities such as the economy and the Iraq and Afghanistan wars have placed it on the back burner.
The House also is taking a different, more piece-meal approach to cybersecurity legislation, rather than passage of a comprehensive measure (see House GOP Unveils Cybersecurity Agenda). Still, if the Senate passes a comprehensive bill and the House enacts more focused measures, a single, compromise bill could emerge from a joint Senate-House conference committee. Stay tuned.