Editor’s Note: The Heritage Foundation’s chart is attached below. FISMA Focus expects cost-benefit analysis to exert a significant influence on the developing federal role in overseeing critical infrastructure protection.
From: Heritage Foundation
David Inserra
Cybersecurity is a vital national security and economic issue. To better inform Congress, Heritage has assembled a cybersecurity chart that seeks to lay bare many of the details of the competing cybersecurity bills, including CISPA, the Cybersecurity Act of 2012, and SECURE IT. While these bills contain many similarities, the differences make them vastly different in their approach, effectiveness, and cost.
The House of Representatives considered various proposals before approving the Cyber Intelligence Sharing and Protection Act (CISPA) in April. CISPA relies on voluntary information sharing among and between the private sector and the government. Heritage released a number of reports on CISPA, including our final analysis of the bill after passage.
Though it started as a strong bill, certain key changes—including the weakening of liability protection and the addition of artificial restrictions on use—made the bill significantly weaker in accomplishing information sharing. CISPA’s general premise of encouraging information sharing still remains, though, and could be improved in conference.
The Senate is currently ground zero for cybersecurity legislation, as two bills battle for votes: the Cybersecurity Act of 2012, by Senators Joseph Lieberman (I–CT) and Susan Collins (R–ME), and the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT) by Senator John McCain (R–AZ). SECURE IT takes a similar approach to CISPA in encouraging voluntary information sharing, but so far it includes stronger liability protections, which is a critical improvement.
In contrast to SECURE IT, the Cybersecurity Act of 2012 uses a different strategy to achieve cybersecurity. Though it includes information-sharing provisions (albeit weaker than SECURE IT), the main focus of the bill is on regulating critical infrastructure. The bill would set in motion a process to determine which facilities and networks need cybersecurity improvements and then require those networks to improve their cybersecurity to some level. Though the Cybersecurity Act tried to be creative in its regulatory efforts, it still faces critical problems of adaptability, cost, and cost-effectiveness.
The Heritage cyber chart describes the position of each bill on information sharing, the role of the government, and costs and regulations that each bill would impose. Before Congress acts, it should closely consider how well each provision improves our security and how cost effective it is.
COMPARISON OF CYBERSECURITY LEGISLATION