S. 413: Cybersecurity and Internet Freedom Act of 2011
On February 17, 2011, Senators Joe Lieberman (I-CT), Susan Collins (R-ME), and Tom Carper (D-DE) introduced the Cybersecurity and Internet Freedom Act of 2011, a comprehensive cybersecurity protection bill. Nearly identical to S. 3480 from last Congress, S. 413 would establish a new Office of Cyberspace Policy within the Executive Office of the President to coordinate and oversee federal policies and activities on cybersecurity and resiliency in conjunction with a new National Center for Cybersecurity and Communications within DHS. The new office would be charged with protecting the computer systems of the nation’s critical infrastructure, prioritizing national cybersecurity strategies, and encouraging information-sharing relevant to cyber threats. S. 413 would authorize the President, using the least disruptive means feasible, to declare cyber emergencies, requiring “covered critical infrastructures” (i.e., systems and assets that could cause “national or regional catastrophic effects” if disrupted or destroyed) to implement mitigation plans. Unlike its predecessor, S. 413 adds protections explicitly preventing the President from shutting down the Internet, and allows an owner or operator to challenge its designation as “covered critical infrastructure” in federal court.
In her floor statement, Senator Collins made it clear that she intends for the bill’s emergency measures to apply only to the nation’s most critical infrastructure in a precise way. Covered critical infrastructures would include the electric power grid, telecommunications networks, financial systems, or other systems that could cause a “national or regional catastrophe” if disrupted. In determining this, the bill directs the Secretary of Homeland Security to consider whether the disruption would cause: a mass casualty event including an extraordinary number of fatalities (more than 2,500); severe economic consequences (greater than $25 billion in first-year losses); mass evacuations with a prolonged absence (greater than one month); or severe degradation of national security capabilities, including intelligence and defense functions.
Status: S. 413 has been referred to the Senate Homeland Security and Governmental Affairs Committee where a hearing was held in May.
S. 21: Cyber Security and American Cyber Competitiveness Act of 2011
Introduced on January 25, 2011 by Sen. Harry Reid (D-NV), S. 21 is a “sense of Congress” bill which outlines Senate leadership’s objectives for cybersecurity legislation. The eventual introduction of cybersecurity legislation in the Senate likely will focus on these ten objectives while incorporating key points from the Lieberman/Collins/Carper approach, and probably a few other sources. As defined in S. 21, Reid’s priorities include:
- Enhancing the security of federal government IT networks against cyber attack;
- Creating incentives for the private sector to assess and mitigate cyber risks;
- Promoting investments in the IT sector that create jobs and enhance US competitiveness;
- Enhancing the federal government’s ability to prevent and respond to cyber attacks against the military;
- Enhancing the government and private sector’s ability to prevent and respond to attacks against critical infrastructure;
- Preventing identity theft and breaches of personally identifiable information;
- Battling global cyber crime and promoting international freedom of access through enhanced diplomacy;
- Protecting US critical infrastructures and assets, including the electric grid, military assets, the financial sector and telecommunications networks against cyber attack and vulnerabilities;
- Respecting privacy and civil liberties in the investigation and prosecution of cyber crimes; and
- Protecting the privacy of US citizens’ online activities and communications.
Status: Senator Reid's bill was referred to the Senate Homeland Security and Governmental Affairs Committee where it awaits action.
H.R. 321: Equal Employment for All Act
Rep. Steve Cohen (D-9th, TN) reintroduced the Equal Employment for All Act on January 19, 2011. This bill is identical to H.R. 3149 from the 111th Congress, which ASIS opposed. H.R. 321 would amend the Fair Credit Reporting Act to prohibit employers from using credit checks for employment purposes or adverse action. The bill makes exceptions for jobs requiring national security or FDIC clearance, financial institutions, or when otherwise required by law. Several organizations testified against this bill last Congress, arguing that credit is relevant to the job duties of many positions requiring high levels of trust, not just those exempted in the bill.
Status: H.R. 321 has been referred to the House Financial Services Committee. This is also an issue that has been the subject of much state activity. Hawaii, Washington, Oregon, Illinois and Connecticut have already enacted laws that ban the use of credit reports for most job applicants and similar legislation has been considered in Colorado, Pennsylvania, the District of Columbia, Georgia, Indiana, Maryland, Michigan, Missouri, New Jersey, New York, Ohio, Oklahoma, South Carolina, Vermont and Wisconsin.
H.R. 607: Broadband for First Responders Act of 2011
Introduced by Rep. Peter King (R, NY-3rd), this bill supports public safety officials in their efforts to allocate the D block (10 megahertz of electromagnetic spectrum bands) directly to public safety. The bill directs that the D block be made available for public safety broadband communications rather than allowing the FCC to auction it off to the private sector. A Senate companion is expected to be introduced by Senators Lieberman (I-CT) and McCain (R-AZ).
The Federal Communications Commission (FCC) maintains that giving the D block to public safety would harm its own plans for a network and that the block should instead be auctioned off to the private sector (the FCC would use the proceeds of the auction to help create a nationwide public safety communications network), while ensuring that first responders would have access to it in emergencies. Last Congress, ASIS wrote a letter of support to the IACP expressing concern about the FCC's plan.
Status: The Obama Administration announced its support for a plan that would allocate the D block to public safety agencies, though the Administration’s proposal would pay for it by auctioning off other spectrum volunteered by the nation’s broadcasters. Senator John Rockefeller (D-WV) has introduced a bill that falls closely in line with the Administration’s plan, and it has been strongly supported by Senator Kay Bailey Hutchison, ranking Republican member of the Senate Commerce Committee. That legislation, S. 911, was reported out of the Commerce Committee with an overwhelming majority (21-4) of bipartisan support. While there has been no activity on King’s bill, the D block issue is picking up pace in the 112th Congress and has the attention of both the House and Senate, as well as the White House.
H.R. 668: Secure High-Voltage Infrastructure for Electricity from Lethal Damage (SHIELD) Act
Introduced by Rep. Trent Franks (R-2nd, AZ) on February 11, 2011, this bill seeks to protect the power grid and electric infrastructure from electromagnetic pulse (EMP) threats. EMP occurs both naturally, through geomagnetic storms, and through manmade devices, such as the detonation of a nuclear weapon. The pulse of magnetic energy adversely affects a wide range of electronic devices, ranging from cell phones and personal computers to power grids, satellites and air traffic control systems. The Congressional EMP Commission and the National Academy of Sciences characterize electromagnetic pulse as a potentially catastrophic threat. Similar to last year’s proposed Grid Reliability and Infrastructure Defense Act (GRID Act), the SHIELD Act would:
- Authorize the Federal Energy Regulatory Commission (FERC), upon identification of an imminent EMP threat, to issue orders for emergency measures to protect the reliability of the bulk-power system and/or defense critical electric infrastructure;
- Authorize FERC to provide for cost recovery of “substantial costs” incurred in compliance with such emergency orders;
- Authorize FERC to issue temporary rules to protect against grid security vulnerabilities to EMPs where existing standards do not provide for sufficient protection; FERC’s orders would be rescinded upon approval of a sufficient standard;
- Require North American Electric Reliability Corporation (NERC) to propose, within one year, reliability standards addressing “reasonably foreseeable” EMPs, based upon FERC’s specification of the “nature and magnitude” of such threats; such standards would be required to balance risks and mitigation costs;
- Require NERC to propose, within two years, reliability standards addressing capabilities of restoring operations after an EMP event; such standards would be required to balance risks and costs and would require entities that own or operate large transformers to ensure adequate availability in the event they are destroyed or disabled by an EMP attack; and
- Require the President to identify up to 100 critical defense facilities that would be subject to FERC rules prescribing measures to take to protect against malicious EMPs, subject to the owners of the facilities agreeing to incur the costs necessary to comply with FERC orders.
Status: H.R. 668 has been referred to the House Committees on Energy & Commerce and Budget.