The U.S. government and companies operating vital computer networks would be encouraged to share information about cybersecurity threats under a bill introduced today by House Republicans.
Companies including Verizon Communications Inc., Comcast Corp. and Consolidated Edison Inc. would be offered incentives, such as protection from lawsuits, in exchange for sharing cyber threat information with the government, Representative Mary Bono Mack, a California Republican, said in a statement.
“Under our legislation, our nation’s best and brightest minds will finally be freed to work hand-in-hand to share information, develop safety protocols and put into place critical early-warning systems,” Bono Mack said.
The bill is almost identical to legislation introduced March 1 by Senate Republicans led by John McCain of Arizona, Ken Johnson, a Bono Mack spokesman, said in an e-mail. It serves as a marker in the U.S. House of Representatives as Congress debates how to strengthen computer defenses at banks, power grids and telecommunications companies.
Lawmakers and regulators are pushing for cybersecurity legislation following assaults last year on companies including New York-based Citigroup Inc., the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp., the world’s largest defense company.
Bono Mack introduced her bill with Representative Marsha Blackburn, a Tennessee Republican.
“It puts the private sector in the driver’s seat, instead of relying on overly prescriptive government mandates that hamper growth and weaken response capabilities,” Blackburn said in a statement. “Incentive-based security works better than heavy-handed mandates.”
The measure would let companies exchange threat data with each other and with the government through any federal cybersecurity center, including the National Security Agency. The military’s U.S. Cyber Command is housed under the National Security Agency.
The bill offers companies incentives to encourage information sharing, such as protection from civil, criminal or antitrust lawsuits. The measure would exempt shared data from public disclosure and preempt state laws regulating information sharing.
Companies contracted by the government for telecommunications or cybersecurity services would be required to report cyber attacks related to those services to agencies, according to the bill. The requirement wouldn’t apply to companies already under contract on the date the bill would be enacted -- a change from McCain’s bill.
The Bono Mack bill would direct the Commerce Department to issue mandates to ensure agencies are protecting data and computers. The mandates are intended to help ensure agencies are complying with the 2002 Federal Information Security Management Act.
The bill would set criminal penalties for hacking vital computer networks, including systems that support gas and oil delivery, water supply, electrical power delivery and banking operations. Convicted offenders could face as much as 20 years in prison.
Senate Democrats and President Barack Obama’s administration support an alternative bill introduced Feb. 14 that would place new requirements on companies to protect vital computer networks.
That measure, introduced by Senator Joe Lieberman, a Connecticut independent, would give the Homeland Security Department the ability to identify essential systems. The agency would set regulations for operators of critical networks to improve security, and companies would have to prove their networks are secure or face penalties.
Senate Majority Leader Harry Reid, a Nevada Democrat, plans to bring the bill to the Senate floor for debate in the coming weeks, although no specific date has been set.
Lieberman’s bill is S. 2105. McCain’s bill is S. 2151. Bono Mack’s bill is H.R. 4263.