In response to a wide-reaching IT security law proposed in Congress, a group of Senators has introduced a different, more business-friendly bill.
The bill, called the Secure IT Act, was introduced in the Senate on March 1 by the top Republicans on eight committees. If it’s passed, it will encourage businesses to share information about IT security threats with the government, create security standards for federal agencies, and increase penalties for cybercriminals.
The bill was proposed in response to the bipartisan Cybersecurity Act of 2012 that was introduced last month. That competing proposal would allow the Department of Homeland Security (DHS) to set new IT security requirements for organizations that support the country’s “critical infrastructure.”
The Cybersecurity Act would leave it up to the DHS to decide what organizations fall into that category, though firms would be able to appeal a decision. Covered organizations could include private businesses in the banking and finance industry, companies providing water and electric utilities, and businesses in the transportation sector.
The law would require the DHS to work with companies to develop security plans and penalize companies that can’t show they’re secure.
Some organizations and opponents in Congress have claimed that bill would give the federal government too much control over private businesses and increase those companies’ IT costs.
The sponsors of the Secure IT Act say their bill includes fewer regulations for businesses. That bill does away with new requirements for private organizations, and instead would encourage companies and the government to share more information about security threats and incidents.
The proposed IT security law would also increase penalties for many cybercrimes, such as knowingly accessing a computer system without authorization.
A version of the Secure IT Act is also being prepared in the House, The Hill reports. We’ll keep you posted on this and other proposed IT security laws.