WASHINGTON (Reuters) - Leading senators introduced a cybersecurity bill on Tuesday aimed at safeguarding the nation’s water and power systems, which experts have warned often only have the most rudimentary protections against hackers.
Senators John Rockefeller and Dianne Feinstein, both Democrats; Susan Collins, a Republican, and Joseph Lieberman, an independent, drafted a comprehensive bill that would require the secretary of homeland security to designate certain infrastructure as critical and compel steps to safeguard against hackers.
“The prospect of mass casualty is what has propelled us to make cybersecurity a top priority for this year, to make it an issue that transcends political parties or ideology,” Rockefeller told the Senate on Tuesday morning.
He noted hackers’ success in breaking into sensitive government agencies and Fortune 500 companies, and warned that air traffic control, rail switching networks and chemical pipelines could be the next target.
Under the bill, some financial networks, or portions of networks, could be deemed critical if damage to them could result in catastrophic economic damage to the country.
The Department of Homeland Security would have the power to penalize companies that do not put in place appropriate safeguards. However, companies that have good security and are hacked anyway will not be liable for damages.
The legislation would also ease information-sharing between the federal government and the private sector to combat cyber crime and espionage, and would require the government to take steps to secure its own networks.
Last, it would update recruitment of cybersecurity experts into the federal workforce.
Senate Majority Leader Harry Reid last year called for the drafting of a comprehensive cybersecurity bill, and this 207-page bill is the product.
Defense contractors such as Lockheed Martin Corp have been among the high-profile victims of cyberattacks. Others include Google Inc, Citigroup and Nasdaq OMX.
Industry has fought back and succeeded in stopping previous cybersecurity bills, even though experts have warned for years that portions of the U.S. critical infrastructure - particularly water and electrical plants - sometimes have woefully inadequate defenses against hackers.
Industry opposes additional regulations as burdensome and argues it should focus on fighting hackers instead of complying with government rules.
Companies will likely try to weaken the measure in coming weeks and months, said James Lewis, a cybersecurity expert for the Center for Strategic and International Studies.
“The spin is that it’s burdensome regulation and will hurt innovation. The counter to that is ‘OK, we’ll sacrifice national security,'” he said. “It would be really nice to have something (legal) in place but just because we need it doesn’t mean we’re going to get it.”
The House of Representatives is considering legislation that overlaps with the Rockefeller bill on some points.
Republican Representative Mac Thornberry, who oversaw the writing of a report outlining Republican priorities, supports regulation to require better cyber defenses for critical companies.
A key difference would be that the companies’ usual regulator, rather than the Department of Homeland Security, would oversee the new regulation.
Reporting By Diane Bartz; Editing by Steve Orlofsky and Richard Chang