Republicans offer hands-off approach to cybersecurity

Senate Republicans, led by Sen. John McCain (R-Ariz.), on March 1 unveiled a new cybersecurity bill that puts the onus on industry to protect networks and offers no new mandates or funding.

The Republicans’ bill is an answer to another, bipartisan bill offered up on Feb. 14 that they believe to be overreaching in authority. That bill, the Cybersecurity Act of 2012, would expand the authority of the Homeland Security Department, implement new regulations to protect critical infrastructure and create a new National Center for Cybersecurity and Communications.

“The only government actions allowed by our bill are to get information voluntarily from the private sector and to share information back,” McCain said of his bill, dubbed the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act. “We have no government monitoring, no government takeover of the Internet and no government intrusions.”

The SECURE IT Act instead focuses on voluntary sharing of cyber-threat information between industries and government, including by easing anti-trust laws that restrict information-sharing between private companies and offering legal protection to companies that take proactive measures to protect their networks. It also aims to reform federal cybersecurity standards.

The new bill, which relies on existing federal cybersecurity organizations to coordinate cybersecurity action rather than establishing new centers, additionally toughens punishment for cyber criminals, whereas the Feb. 14 bill does not.

“Rather than arming Homeland Security with expansive new regulatory authority over every sector of our economy, the SECURE IT cyber bill we’ve introduced today emphasizes a partnership approach between the government and private entities,” Sen. Lisa Murkowski (R-Alaska) said in a press briefing during which the Republican bill was introduced.

The older, bipartisan-backed bill included measures that would require upgrades to critical infrastructure; in some cases it would designate certain private networks as critical infrastructure and compel them to be secured according to federal standards.

A handful of industry groups have already issued statements in support of the SECURE IT Act.

“We were pleased to see the inclusion of enhanced penalties for cyber criminals. As much as we strive to prevent attacks, there must also be consequences for those that are behind them,” TechAmerica’s acting president & CEO Dan Varroney said in a released statement, which also lauded Congress’ efforts in boosting national cybersecurity. “It is very encouraging to see a focus on cybersecurity by so many members of the Senate, and we urge the authors of both bills to work together to create the best possible, bipartisan framework to enhance our nation’s cybersecurity.”

However, some industry experts had already expressed concerns that the earlier Cybersecurity Act didn’t go far enough – and the new bill stops far short of the measures included in the earlier legislation, a fact the Republicans highlighted in introducing SECURE IT.

“As currently drafted [the Cybersecurity Act of 2012] includes significant loopholes that would keep our nation at risk,” Jim Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies, said at a Feb. 16 Senate hearing. “Some of these loopholes are intended to accommodate industry concerns. These industry concerns are understandable and the bill makes reasonable efforts to accommodate them. However, in a few instances, the language to assuage industry concerns goes too far and ends up putting national security at risk.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.


Reader comments

Sun, Mar 4, 2012

how winsome it is then that the Federal government claims COTS lies at the heart of its IT/IA acquisition strategy!!!

Sun, Mar 4, 2012

so honestly think a DHS with prescriptive powers (a DHS that already owns telecommunications and Federal Cyber Security in addition to CIP)...a DHS that runs all those invasive airport the way to go? your hyperbole is off the mark. McCain understands the magnitude of the problem...we all do. the issue is what the solution should be, who pays for it, and how much liberty is sacrificed in the process. the last matters...a lot. and you're wrong in implying there is no accountability....go research how HHS is bounty hunting based on HIPAA and Stimulus Act incentives. btw...while emerging NIST and other Federal Agency IA guidance is impressive......please note that execution is decentralized.

Fri, Mar 2, 2012

The SECURE IT bill does not address the problem. It's a knee-jerk reflex reaction. It's not even worth reporting on, except as an example of how Congress knows very little.

Fri, Mar 2, 2012

If everything is "voluntary" in SECURE IT, what's the purpose/value? Most voluntary relationships of this nature are administered by "user group" organizations (of which there are already many with private industry and govt participation/collaboration).

Fri, Mar 2, 2012 vic

This new position by McCain and others evidences a COMPLETE lack of understanding of the MAGNITUDE of the problem and the CONTINUING exploits of information technology and the systems that SAFE IT is critical to. McCain does not seem to understand that NO ONE will fix risks that AMERICANS are COLLECTIVELY subject to UNLESS the currently IRRESPONSIBLE parties are HELD RESPONSIBLE. If you doubt this, you aren't paying ANY attention and probably DON'T understand. Note: Consider what China is doing in this space: 1) aggressively SECURING their networks; 2) Aggressively exploiting ours. Hello???
