Seven senior Republicans in the U.S. Senate have introduced cybersecurity legislation after saying that an earlier bill would create costly regulations for businesses.
The sponsors of the new Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act also complained that they did not have enough input on the earlier legislation.
The Republican senators, including John McCain of Arizona, Kay Bailey Hutchison of Texas and Chuck Grassley of Iowa, introduced the SECURE IT Act on Thursday. They touted the bill as a less regulatory alternative to the Cybersecurity Act, a bill introduced by two Democrats, an independent and a Republican in February.
"The SECURE IT Act strengthens America's cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks," McCain said in a statement. "This legislation will help us begin to meet the very real threat of cyber attack."
The Cybersecurity Act would allow the secretary of the U.S. Department of Homeland Security to designate some private networks as critical infrastructure and require them to submit security plans to the agency. But the SECURE IT Act has no such regulations, instead focusing on encouraging private companies and the federal government to share more information about cyberthreats, sponsors said.
The new bill would give legal protections to private groups that share information about cyberthreats. The older bill also includes some information-sharing provisions, but critics have said legal protections would cover only businesses that share information with the U.S. government.
The new bill would also increase the prison terms for many cybercrimes, with the prison sentence for knowingly accessing a computer without authorization and obtaining national defense information increased from 10 to 20 years. The penalty for intentionally accessing a federal computer without authorization or a computer containing financial records would increase from one to three years, or from five to 10 years if the offense was committed for purposes of private financial gain.
The Cybersecurity Act does not change criminal penalties.
"Our bill represents a new way forward in protecting the American people and the country's cyber infrastructure from attack," Grassley said in a statement. "It's a bill that can be supported by all partners that have an interest in cybersecurity. Instead of the heavy hand of the government, our approach promotes information sharing and keeps the taxpayers' wallets close."
Some groups had expressed concern that the new bill would allow the U.S. National Security Agency to monitor U.S. networks in the name of cybersecurity. The SECURE IT Act does not expand the NSA's role, however.
The sponsors of the competing Cybersecurity Act, including Senator Joe Lieberman, a Connecticut independent, said they were "encouraged" by lawmakers' recognition of the need for new cybersecurity legislation.
Trade groups the United States Telecom Association (USTelecom), CTIA and TechAmerica all praised the new bill. TechAmerica, in a statement, encouraged the sponsors of the two bills to work together "to create the best possible, bipartisan framework to enhance our nation's cybersecurity."
USTelecom said it can support the new bill because it could strengthen cybersecurity "without creating new bureaucracies or regulatory mandates that would erode, rather than enhance, the ability of network providers to provide nimble and effective responses to cyberthreats."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service.