Government already in cybersecurity regulation business, report says

The Congressional Research Service issued an exhaustive review of the legal underpinnings for cybersecurity. Congress is debating whether to regulate private sector cyber practices, especially for critical infrastructure.

CRS found the government is in the cyber regulation business already, citing the Chemical Facility Anti-Terrorism Standards from Homeland Security and the Maritime Transportation Security Act, which gives the Coast Guard regulatory authority, as examples.

CRS also pointed out the scope of what was considered covered by the label “critical infrastructure” was fuzzy, making it difficult to know where federal law might pre-empt state laws.

Currently, five cybersecurity bills are working their way through Congress:

  • H.R. 3523 (introduced by Rep. Mike Rogers (R-Mich.)) concerns how the intelligence community and the private sector share information.
  • H.R. 3674 (Dan Lungren (R-Calif.)) addresses information sharing and protection of critical infrastructure.
  • S. 2102 (Sen. Dianne Feinstein (D-Calif.)) aims to ease information sharing.
  • S. 2105 (Sen. Joe Lieberman (I-Conn.) addresses the protection of federal government networks and critical infrastructure. It also includes the information sharing provisions of Feinstein’s bill.
  • S. 2151 (Sen John McCain (R-Ariz.)) includes provisions about information sharing, both within the private sector and between the government and the private sector.

This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.


GOP cyber bill takes hands-off approach to industry

Is cybersecurity bill on Congress’ to-do list?