Sen. Joseph Lieberman, I-Conn., has revised his cybersecurity bill “to try carrots instead of sticks as we begin to improve our cyber defenses,” he said.
The bill has the endorsement of President Obama, who, in an op-ed in The Wall Street Journal Thursday, urged the Senate to pass the bill so he could sign it into law.
Under the bill, owners of critical infrastructure — such as dams, energy and water systems — would voluntarily show they meet certain cybersecurity practices through a third-party verification or certification. By volunteering, they would be eligible for benefits, such as liability protections in the event of a cyber attack on their systems, expedited security clearances and priority assistance with cybersecurity issues.
The bill would establish a multi–agency council chaired by the secretary of the Department of Homeland Security to assess the risks and vulnerabilities of critical systems and work with industry to develop voluntary security practices.
The first iteration of the bill would have authorized DHS to regulate security standards for privately owned critical systems.
The revised bill uses “incentives rather than mandatory regulations,” Lieberman said.
The bill is expected to win a motion to proceed, which would assume there is wide support for the bill.
Sen. John McCain, R-Ariz., and seven Republican co-sponsors introduced their own bill in March that promotes voluntary information sharing of cyber threats between government and industry through existing partnerships.