Yesterday there were 59 bills introduced in the House and Senate. It was a big day for cybersecurity legislation with four bills introduced:
HR 1918 To amend title 18, United States Code, to provide for clarification as to the meaning of access without authorization, and for other purposes. Rep. Lofgren, Zoe [D-CA-19]
S 1023 A bill to amend the Internal Revenue Code to provide a refundable credit for costs associated with Information Sharing and Analysis Organizations. Sen. Moran, Jerry [R-KS]
S 1027 A bill to require notification of information security breaches and to enhance penalties for cyber criminals, and for other purposes. Sen. Kirk, Mark Steven [R-IL]
S 1030 A bill to amend title 18, United States Code, to provide for clarification as to the meaning of access without authorization, and for other purposes. Sen. Wyden, Ron [D-OR]
HR 1918 and S 1030 are the latest iterations of Aaron’s Law in memory of Aaron Schwartz. They would decriminalize some grey area hacking.
S 1023 would probably have some fairly limited application, but it should encourage cybersecurity information sharing every bit as much as current legislation specifically targeting that sharing. This is likely the last mention of this bill in this blog.
S 1027 is another breach notification bill that probably only affects IT system breaches. Unless there is specific mention of control systems in this bill this is the last time that I will mention this bill.