Cybersecurity Bill Would Define 'Critical' Infrastructure

A group of senators introduced a bill earlier this week that calls for the U.S. government to determine which infrastructure firms are, in fact, "critical," and could force these companies to develop and meet security standards.
Source: SecurityNewsDaily

The Cybersecurity Act of 2012 calls for the Department of Homeland Security to assess the risks major cyberattacks pose to power plants, electrical and water companies, waste-treatment facilities and other infrastructure systems.

What exactly is 'critical?'

As worded in the legislation, companies "whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life," would fall under the definition of critical infrastructure.

These companies would then have to work with the DHS to develop and comply with security standards and "cybersecurity performance requirements." Firms would retain the right to appeal the "critical infrastructure" designation.

The act was introduced on Tuesday (Feb. 14) by Senators Joseph Lieberman (I-Conn.), Jay Rockefeller (D-W.Va.), Susan Collins (R-Maine) and Dianne Feinstein (D-Calif.).

Preparing for battle

"This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation's enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles," Lieberman wrote in the bill's introduction.

"The nation responded after 9/11 to improve its security," Lieberman added. "Now we must respond to this challenge so that a cyber 9/11 attack on America never happens."

Rockefeller said the bill addresses the most pressing issue facing America at the moment, and that it is a crucial step in securing the Internet from hackers who are "stealing information from Fortune 500 companies, breaking into the networks of our government and security agencies and toying with the networks that power our economy."

"The new frontier in the war against terrorists is being fought online and this bill will level the playing field," Rockefeller added.

The DHS, under the Cybersecurity Act of 2012, would also consolidate its current cybersecurity programs under one roof, the National Center for Cybersecurity and Communications.

This is NOT SOPA, lawmakers say

Especially significant to opponents of governmental Internet regulation, the scope of the proposed bill is restrained and primarily addresses critical infrastructure issues while excluding "the vast majority of commercial systems and Internet infrastructure itself from coverage," according to Ars Technica's Sean Gallagher.

In a Feb. 14 article, Gallagher argues that the bill's explicit avoidance of regulation of network services is a reaction on the lawmakers' part to the massive backlash over the Stop Online Piracy Act, or SOPA, the House's recently introduced — and subsequently shelved — bill that sought to give the government the power to block access to foreign sites hosting copyrighted materials.

SOPA drew hordes of vocal opponents, including, famously, Wikipedia, which went dark for a day to protest the bill.

The new bill's sponsors said it "in no way resembles" SOPA, and deals instead with "the security of systems that control the essential services that keep our nation running — for instance, power, water and transportation."

The final draft of the Cybersecurity Act of 2012 steers away from SOPA-like provisions, Gallagher said, partly in response to concerns raised among tech industry executives who opposed early drafts that would have granted the government the ability to take over cloud providers and privately owned networks.