Jennifer Granick at the Stanford Center for Internet and Society has a good post on the Cybersecurity Act, now pending in the U.S. Senate, authored by Sen. Joseph Lieberman (D-Conn.), Sen. Dianne Feinstein (D-Calif.), Sen. Jay Rockefeller (D-W.Va.) and Sen. Susan Collins (R-Maine).
Jennifer also includes a link to her annotated version ([pdf]) of the bill. The bill is 211 pages. So any annotations are very helpful.
Jennifer says that the bill is “a step forward for those who see government implementation of state of the art security practices lagging behind.” But she emphasizes that the legislation “needs work,” especially to narrow the amount of government cyberspying the bill permits.
The bill already reflects some work by privacy advocates. Amendments that have been inserted to the bill to curtail government civil-liberties incursions are explained by Michelle Richardson in a post on the ACLU’s Washington Markup blog.
The bill, in its current form, does not weigh heavily on private industry, since it offers only “guidelines” for non-government actors, not regulations. But, as Jennifer notes, a report on national cybersecurity issues concludes that voluntary efforts on the part of industry “will be inadequate against advanced nation-state opponents.” In other words, the wisdom is that we will need government regs to keep the power company safe from North Korea.