Cyber Legislation

Nov 10, 2011

Summary: After a request from members of the Senate, the President has drafted proposed legislation based on discussions with representatives from the public and private sector.  The proposal covers issues related to prosecuting cyber criminals, reporting data breaches, voluntary public-private partnerships that involve direct assistance and information sharing, and securing the nation’s critical infrastructure.  The draft also prioritizes the protection of government computers and networks by implementing awareness initiatives, improving management, utilizing intrusion prevention systems, and investing in secure data centers.
Sponsor: White House Office
History: The proposal was released on May 12, 2011 and is being discussed in a number of House and Senate Committee meetings as Congress begins the process of drafting federal legislation on cybersecurity.
http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/La...

BILLS IN SENATE:

S.8 - Tough and Smart National Security Act (A Bill to Strengthen America’s National Security)
Summary: This bill seeks to reform cybersecurity policy to prevent cyber attacks, protect privacy and civil liberties, and avert catastrophic cyber incidents.
Sponsor: Sen. Harry Reid (D-NV)
History: On January 25, 2011, the bill was introduced and referred to the Senate Committee on Foreign Relations.

S. 21 - Cyber Security and American Cyber Competitiveness Act of 2011
Summary: This bill seeks to enhance the security of US government communications networks, increase public-private cooperation to ensure cybersecurity, promote IT investments, improve capabilities to assess cyber risk and deter attacks, prevent identity theft, promote international cooperation, prosecute cyber criminals, and protect privacy.
Sponsor: Sen. Harry Reid (NV)
History: On January 25, 2011, the bill was introduced and referred to the Senate Committee on Homeland Security and Governmental Affairs.

S. 28 - Public Safety Spectrum and Wireless Innovation Act
Summary: This bill aims to increase spectrum access for public safety providers to support a national, interoperable wireless broadband network. It authorizes the FCC to hold incentive auctions to provide funding support for a network. The legislation also directs the establishment of a grant program to assist public safety entities in creating a nationwide public safety interoperable broadband network in the 700 MHz band.
Sponsor:  Sen. John Rockefeller (WI)
History: This bill was introduced on January 25, 2011 and referred to the Senate Committee on Commerce, Science, and Transportation.

S. 372 - Cybersecurity and Internet Safety Standards Act

Summary: This bill seeks to reduce the ability of terrorists, spies, criminals, and other malicious actors to compromise, disrupt, damage, and destroy computer networks, critical infrastructure, and key resources, and for other purposes.  DHS will achieve this by promoting entities in the private sector to develop and enforce voluntary or mandatory minimum cybersecurity and Internet safety standards.
Sponsor: Sen. Ben Cardin (MD)
History: This bill was introduced on February 16, 2011 and referred to the Senate Committee on Commerce, Science, and Transportation.

S. 413 - Cybersecurity and Internet Freedom Act of 2011

Summary: This bill amends the Homeland Security Act of 2002 and other laws to enhance the security and resilience of cyber communications infrastructure of the US. To do so, it molds a new role for CISOs, who would oversee the management of agencies’ security operations centers. This bill establishes a White House Office of Cyberspace Policy with a Senate-confirmed director who would have influence over agencies’ IT security budgets.  There is also a focus on real-time monitoring of government IT systems, and a shift away from paper compliance mandated by FISMA. It prohibits the president from employing a ‘kill switch’ to turn off the Internet in case of a severe cyber attack.
Sponsor: Sen. Joseph Lieberman (CT)
History: On February 17, 2011, the bill was introduced and referred to the Senate Committee on Homeland Security and Governmental Affairs.  The hearing was held on May 23, 2011 and the podcast is available here: http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hea...

S. 709 – Secure Chemical Facilities Act
Summary: This legislation is meant to encourage the enhanced security of chemical facilities.  This bill also states that deterring cyber sabotage, including by preventing unauthorized onsite or remote access to critical process controls, is a top priority when securing chemical facilities in the United States.
Sponsor: Sen. Frank R. Lautenberg (NJ)
History: This bill was introduced on March 31, 2011 and referred to the Senate Committee on Homeland Security and Governmental Affairs.

S. 813 – Cyber Security Public Awareness Act of 2011
Summary: This bill is intended to promote awareness of cyber security.  The bill, once enacted, mandates that different government agencies provide information to Congress on what plans exist for prosecuting cyber criminals, reacting to significant private sector incidents, reporting cybercrime to shareholders, regulating critical infrastructure, protecting the information security supply chain, and trying cyber criminals in federal courts.
Sponsor: Sen. Sheldon Whitehouse (RI)
History: This bill was introduced on April 13, 2011, and referred to the Committee on Homeland Security and Governmental Affairs.

S. 968 – Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP Act)
Summary: This bill intends to enhance enforcement against rogue websites operated and registered overseas, eliminate the financial incentive to steal intellectual property online, and prevent the importation of counterfeit products and infringing devices.
Sponsor: Sen. Patrick Leahy (VT)
History: This legislation was introduced on May 12, 2011 and sent to the Committee on the Judiciary on May 26 where it was substituted with another draft by Senator Leahy.  It was placed on the Senate Legislative Calendar on May 26 under General Orders. Senator Leahy filed a written report on July 22, 2011. Report No. 112-39: http://www.gpo.gov/fdsys/pkg/CRPT-112srpt39/pdf/CRPT-112srpt39.pdf

S.1040 Broadband for First Responders Act of 2011
Summary: This bill intends to enhance public safety by making more spectrum available to public safety entities, to facilitate the development of a public safety broadband network, to provide standards for the spectrum needs of public safety entities, and for other purposes.
Sponsor: Sen. Joseph Lieberman
History: This bill was introduced on May 19, 2011 and has been referred to the Committee on Commerce, Science, and Transportation.

S. 1151 Personal Data Privacy and Security Act of 2011
Summary: This bill calls for national standards for data breach notification.  It outlines criminal penalties for companies that do not disclose a data breach of consumer information in a timely manner.  The bill also corresponds with part of the President’s proposed legislation by calling for an update to the Computer Fraud and Abuse Act.
Sponsor: Sen. Patrick Leahy (VT)
History: This bill was introduced on June 7, 2011 and has been referred to the Senate Committee on the Judiciary. On September 22, it was placed on Senate Legislative Calendar under General Orders. Calendar No. 181.

S. 1152 Cybersecurity Enhancement Act of 2011
Summary: This bill outlines a strategic plan to continue funding for National Science Foundation (NSF) scholarships, encourage research and innovation in the field of cybersecurity at institutions of higher learning, and train future computer security professionals who will use their acquired skills in the federal workforce. 
Sponsor: Sen. Robert Menendez (NJ)
History: The bill was introduced on June 7, 2011 and was referred to the Committee on Commerce, Science, and Transportation.

S. 1207 Data Security and Breach Notification Act of 2011
Summary: This bill would protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.  The content of this bill is similar to the SAFE Data Act (H.R. 2577) introduced in the House.
Sponsor: Sen. Mark Pryor (AR)
History: This bill was introduced on June 15, 2011 and referred to the Committee on Commerce, Science, and Transportation.

S. 1223 Location Privacy Protection Act of 2011
Summary: This bill would require companies like Google and Apple to notify and receive consent from their users to share their personal information with third-parties.  This bill would close loopholes in current federal law to ensure that consumers know what location information is being collected about them. Once they are notified, consumers would be able to decide what data they are willing to have companies share.
Sponsor: Sen. Al Franken (MN)
History:  This bill was introduced on June 16, 2011.  The sponsors have held hearings and met privately with companies like Apple and Google about the data they gather from their consumers and what can be done to allow the consumers to decide what personal data can be shared.

S.1342 Grid Cyber Security Act of 2011
Summary: This bill is supposed to amend the Federal Power Act to protect the bulk-power system and electric infrastructure critical to the defense of the United States against cyber security and other threats and vulnerabilities.
Sponsor: Sen. Jeff Bingaman
History:  This bill was placed on the Senate Legislative Calendar under General Orders. Calendar No. 101.

S. 1408 Data Breach Notification Act of 2011
Summary:  This bill would determine the proper course of action for a company that has experienced a data breach. The bill also discusses methods of notification, the role of law enforcement, and exemptions in particular cases when necessary.
Sponsor: Sen. Dianne Feinstein (CA)
History: This is the third piece of legislation in the Senate related to data breach notification.  It was introduced on July 22, 2011 and referred to the Senate Committee on the Judiciary.

Ordered to be reported with an amendment.

S. 1434 A bill to protect consumer information and require notice of security breaches.
Summary:  This bill is similar to S. 1408 and S. 1207.  It would require financial establishments, retailers, and federal agencies to protect sensitive information and to notify consumers after a data breach.  The Senators sponsoring this bill want to establish a national standard that can be uniformly implemented in all of the states.
Sponsor: Sen. Thomas R. Carper (DE)
History: This bill was introduced on July 28, 2011 and was referred to the Senate Committee on Banking, Housing, and Urban Affairs.
News: http://thehill.com/blogs/hillicon-valley/technology/174139-senators-intr...

S.1469 : International Cybercrime Reporting and Cooperation Act
Summary: This bill intends to require reporting on the capacity of foreign countries to combat cybercrime, to develop action plans to improve the capacity of certain countries to combat cybercrime, and for other purposes.
Sponsor: Sen. Gillibrand, Kirsten E. [NY] (introduced 8/2/2011)
History: This bill was introduced on August 2, 2011 and has been referred to the Senate Foreign Relations Committee. Status: Read twice and referred to the Committee on Foreign Relations.

S. _____ Cloud Computing Act of 2011
Summary: This bill is expected to form new enforcement tools for investigating and prosecuting hackers and will encourage the federal government to negotiate with other countries to establish consistent laws related to online security and cloud computing.
Sponsor(s): Sen. Amy Klobuchar (MN) and Sen. Orrin Hatch (UT)
History: The bill has not been introduced yet.  Senators Klobuchar and Hatch are in the process of discussing the details of the bill with representatives from government and the private sector.
News: http://www.lookscloudy.com/2011/04/minnesota-senator-to-introduce-cloud-computing-bill/  

S. _____ Legislation on Securing the U.S. Electrical Grid
Summary: Recognizing the threat posed to national critical infrastructure, this legislation is expected to address the safety and security of the country’s electrical grid.  Sources say that responsibility for direct intervention and response will lie with the Department of Energy in the case of a cyber attack on an electrical grid, and FERC would be in charge of cyber policing efforts.
Sponsor(s): Sens. Jeff Bingaman (NM) and Lisa Murkowski (AK)
History:  There is worry that a balance and power distribution already exists between the Federal Energy Regulatory Commission (FERC) and the North American Electrical Reliability Corporation (NERC), which represents the industry and is responsible for monitoring and regulating the nation’s electrical power systems.  Discussions are currently taking place in the Senate Committee on Energy and Natural Resources that Senator Bingaman chairs.
News: http://www.powergenworldwide.com/index/display/wire-news-display/1414135...

BILLS IN HOUSE:

H.R. 76 - Cybersecurity Education Enhancement Act

Summary: This bill authorizes the Secretary of Homeland Security, in conjunction with the National Science Foundation (NSF), to establish a program to give grants to institutions with cybersecurity professional development programs, and establish an E-Security Fellows Program.
Sponsor: Rep. Sheila Jackson-Lee (TX-18)
History: This bill was introduced on January 5, 2011 and referred to the House Subcommittee on Higher Education and Workforce Training on February 25, 2011; the Subcommittee on Research and Science Education; and the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.

H.R. 96 - Internet Freedom Act
Summary: This bill bars the FCC from any regulation of the Internet or IP-enabled services. The only exceptions are actions that will prevent damage to U.S. national security, ensure public safety, or assist and facilitate any actions taken by federal and state law enforcement agencies.
Sponsor: Rep. Marsha Blackburn (TN-07)
History: This bill was introduced on January 5, 2011 and was referred to the House Subcommittee on Communications and Technology on February 1, 2011. 
News: Downes, Larry. “Tech Priorities for New Congress: From Old to New” CNET News, 01/19/2011. Accessed 03/03/2011: http://news.cnet.com/8301-13578_3-20028935-38.html

H.R. 174 - Homeland Security Cyber and Physical Infrastructure Protection Act
Summary: This bill amends the Homeland Security Act of 2002 to establish a cybersecurity compliance division in the Office of Cybersecurity and Communications. It requires the Assistant Secretary to chair an interagency working group to develop cybersecurity requirements for government computer networks and critical infrastructure. It also gives DHS stronger authority to take action against noncompliance, as well as to suggest cybersecurity requirements for private sector companies classified as critical infrastructure.
Sponsor: Rep. Bennie G. Thompson (MS-02)
History: This bill was introduced on January 5, 2011 and was referred to the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology on January 31.

H.RES.446 - Constitutional Preservation Resolution
Summary: This bill intends to support the goals and ideals of National Cyber Security Awareness Month and to raise awareness and enhance the state of cyber security in the United States.
Sponsor: Rep. Langevin, James R.
History: This bill was introduced on October 24, 2011 and has been referred to the House Committee on Science, Space, and Technology.

H.R. 607 - Broadband for First Responders Act of 2011
Summary: This bill seeks to increase spectrum availability to public safety agencies, to develop a wireless public safety broadband network, and to provide standards for the spectrum needs of public safety agencies.
Sponsor: Rep. Peter T. King (NY-03)
History: This bill was introduced on February 10, 2011 and referred to the House Subcommittee on Communications and Technology on February 28.

H.R. 668 – Secure High-voltage Infrastructure for Electricity from Lethal Damage Act (SHIELD Act)
Summary: This bill intends to amend the Federal Power Act to authorize the Federal Energy Regulatory Commission (FERC) to order emergency measures to protect the reliability of either the bulk-power system or the defense critical electric infrastructure whenever the President issues a written directive or determination identifying an imminent grid security threat.  It also describes the role of the Electronic Reliability Organization (ERO) in drafting reliability standards and the Secretary of Energy in remaining up-to-date on the threat environment.
Sponsor: Rep. Trent Franks (AZ-02)
History: The bill was introduced on February 11, 2011 and was referred to the House Subcommittee on Energy and Power on February 18.
 
H.R. 1136 - Executive Cyberspace Coordination Act

Summary: This legislation is meant to amend Chapter 35 of Title 44, United States Code, to create the National Office for Cyberspace and the Office of the Chief Technology Officer, to revise requirements relating to Federal information security, and for other purposes.
Sponsor: Rep. Jim Langevin (RI-2)
History: This bill was introduced on March 16, 2011 and referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.

H.R. 1389 – Global Online Freedom Act of 2011
Summary: This bill is intended to prevent United States businesses from cooperating with repressive governments in transforming the Internet into a tool of censorship and surveillance, to fulfill the responsibility of the United States to promote freedom of expression on the Internet, and to restore public confidence in the integrity of United States businesses.
Sponsor: Rep. Chris Smith (NJ-04)
History: This bill was introduced on April 6, 2011 and referred to the Committee on Foreign Affairs and its Subcommittee on Africa, Global Health, and Human Rights, as well as the Committee on Energy and Commerce and its Subcommittee on Communications and Technology.

H.R. 1540 – National Defense Authorization Act for Fiscal Year 2012

Summary: This bill relates to military expenditures for the 2012 fiscal year.  The bill expands existing fellowships related to cybersecurity for DoD personnel; allows for foreign military attachés to be temporarily assigned to DoD cyber programs; and emphasizes the cyber threat China poses to the United States that should be monitored by the DoD.  Department of Defense cyber expenditures for the next fiscal year will total over $126 million.  
Sponsor: Rep. Howard “Buck” McKeon (CA-25)
History: This legislation was introduced on April 14, 2011 and passed through the House on May 26, 2011 with a vote of 322-96. It was received in the Senate on June 6, 2011 and referred to the Committee on Armed Services.

H.R. 2096 – Cybersecurity Enhancement Act of 2011
Summary: This bill is similar to S. 1152.  It outlines a strategic plan that would continue funding for National Science Foundation (NSF) scholarships, encourage research and innovation in the field of cybersecurity at institutions of higher learning, and train future computer security professionals who will use their acquired skills in the federal workforce. 
Sponsor: Rep. Michael T. McCaul (TX-10)
History: This bill was introduced on June 2, 2011 and was referred to the House Committee on Science, Space, and Technology. The bill was unanimously approved by the committee on July 21, 2011.

H.R. 2577 – Secure and Fortify Electronic (SAFE) Data Act

Summary:  This bill would require companies to notify affected customers about data breaches, and would require businesses holding personal information to establish data security programs.
Sponsor: Rep. Mary Bono Mack (CA-45)
History: This bill was introduced on July 18, 2011 and has been referred to the House Committee on Energy and Commerce.  The committee’s trade subcommittee approved the bill on July 20, 2011, and the bill will now be debated and voted on in the full committee.

------------------------------------------

This information has been compiled by Maschenka Braganca, Jarrod Rifkind and Katrina Timlin.

All information is gathered from the following sources unless otherwise indicated: THOMAS (Library of Congress). Web. 25 July 2011. <http://thomas.loc.gov/>. GovTrack.us: Tracking the U.S. Congress. Web. 26 July 2011. <http://www.govtrack.us/>.

This is an initial compilation of cyber legislation in Congress and will be updated to reflect new developments.  Please feel free to contact our program at techpolicy@csis.org if we have overlooked any bills or recent progress.