S 372 Introduced – Cyber Security

Last week Sen. Cardin (D, MD) introduced S. 372, the Cybersecurity and Internet Safety Standards Act. It’s a high sounding title and addresses a serious potential security problem by requiring another study. I know that studies are important, but there comes a time when Congress must actually propose solutions to the problems it has identified.

If you want a sweeping description of the cyber security problem, this bill is willing to provide it. The findings section of the bill {§3(3)} notes that:

“The Government and the private sector need to work together to develop and enforce minimum voluntary or mandatory cybersecurity and Internet safety standards for users of computers to prevent terrorists, criminals, spies, and other malicious actors from compromising, disrupting, damaging, or destroying the computer networks, critical infrastructure, and key resources of the United States.”

Such a sweeping, all encompassing problem statement requires an equally sweeping study requirement. Section 4 of the legislation requires:

“The Secretary, in consultation with the Attorney General, the Secretary of Commerce, and the Director of National Intelligence, shall conduct an analysis to determine the costs and benefits of requiring providers to develop and enforce voluntary or mandatory minimum cybersecurity and Internet safety standards for users of computers to prevent terrorists, criminals, spies, and other malicious actors from compromising, disrupting, damaging, or destroying computer networks, critical infrastructure, and key resources.”

To make it perfectly clear that this is truly a sweeping study, a study to end all studies, a study to put the matter once and for all completely to rest, the bill goes on to ensure that the Secretary examines:

● “all relevant factors, including the effect that the development and enforcement of minimum voluntary or mandatory cybersecurity and Internet safety standards may have on homeland security, the global economy, innovation, individual liberty, and privacy; and” {§4(b)(1)}

● “any legal impediments that may exist to the implementation of such standards.” {§4(b)(2)}

When the Secretary files this most comprehensive report with Congress in a year, there will no longer be any reason for Congress not to be able to solve all of the cyber security ills of the world in a single piece of comprehensive, all encompassing and perfect cyber security legislation.

Please forgive the virulent sarcasm, but I am sick and tired of Congress trying to dump its inability to legislate on the Executive Branch. Let’s give this bill no additional attention and pass on to real legislation that actually does something.

BTW: The GPO web site is having some sort of problem and does not recognize the link to this and a couple of other bills. The copy of the bill I used for this review can be found on Thomas.loc.gov by searching for S 372.