S 21 is a Cyber Joke

I did a brief blog posting last week mentioning that Sen. Reid (D,NV) introduced the first cybersecurity bill of the 112th Congress; S 21, the Cyber Security and American Cyber Competitiveness Act of 2011. I also mentioned that it looked to be promising because both Sen. Rockefeller (D,WV) and Sen. Lieberman (I,CT) were cosponsors. I had hoped that it would actually be a combination of their separate bills from the last session. I’m sorry that I got anyone’s hopes up.

The GPO finally has a version of S 21IS available on-line and I can see why it took so long to get it printed, the folks at the GPO could not stop laughing. Sen. Reid, et al, have produced one of the most useless, do nothing pieces of legislation that I have ever seen. Congressional resolutions honoring ping-pong champions at Division V colleges have more of an effect than does this legislation.

This five page bill consists of three sections:

● Section 1 – Short title
● Section 2 – Congressional Findings
● Section 3 – Sense of Congress (an oxymoron if I ever heard one)

The Congressional Findings section provides a very generic list of the cyber security problems facing cyber information systems; nary a mention of control system security. There are five separate findings listed. I’ll only waste your time a little bit by posting just the first; §2(1):

“Malicious state, terrorist, and criminal actors exploiting vulnerabilities in information and communications networks and gaps in cyber security pose one of the most serious and rapidly growing threats to both the national security and economy of the United States.”

The ‘Sense of Congress’ section of the bill is where one would expect to find the action items, and it is there. Sen. Reid, et al, suggest “that Congress should enact, and the President should sign, bipartisan legislation to secure the United States against cyber attack, to enhance American competitiveness and create jobs in the information technology industry, and to protect the identities and sensitive information of American citizens and businesses”.

And what should that ground breaking legislation do? Not this bill but the bill that this bill would encourage Congress to pass. Well the Non-sense of Congress provides 10 suggested areas that the bill should address. Again I will only thrill you with the first objective {§3(1)}:

“(E)nhancing the security and resiliency of United States Government communications and information networks against cyber attack by nation states, terrorists, and cyber criminals;”

I’m glad to see Sen. Reid, et al, taking such forthright action on such a critical issue. Oh, I’m sorry, I jumped the gun. This bill only encourages Congress to enact such ground breaking legislation. I suppose it could be worse; we could see a bill next week encouraging members of Congress to pass S 21.

Hopefully, the Senate will take no additional action on this bill.