Senators Introduce Bill to Require Numerous Cyber Security Studies

April 13, 2011. Sen. Sheldon Whitehouse (D-RI) and Sen. Jon Kyl (R-AZ) introduced S 813 [LOC | WW], the "Cyber Security Public Awareness Act of 2011", a bill to mandate the writing of numerous reports related to cyber security.

This bill would require the Department of Homeland Security (DHS) to write annual reports for the Congress that summarize "major cyber incidents involving networks of executive agencies", other than the Department of Defense (DOD), which would be tasked by this bill with writing its own annual report.

This bill would require the Department of Justice (DOJ) and the DOJ's Federal Bureau of Investigation (FBI) to write annual reports for the Congress "describing investigations and prosecutions by the Department of Justice relating to cyber intrusions or other cybercrimes the preceding year".

This bill would require the "primary regulator for each critical industry", including the Federal Communications Commission (FCC) for "the communications industry", to write annual reports on the "nature and state of the vulnerabilities to cyber attacks", the "prevalence and seriousness of cyber attacks", and "recommended steps to thwart or diminish cyber attacks", in each critical industry.

The bill would require another DHS report on "foreign suppliers of information technology", which "identifies specific telecommunications networks" of the US that include such foreign supplied technology, and that "assesses the vulnerability to malicious activity, including cyber crime or espionage, of the telecommunications networks of the United States ... due to the presence" of such foreign supplied technology.

The bill would require the DOJ to submit one report "on whether Federal courts have granted timely relief in matters relating to botnets and other cybercrime and cyber security threats".

The bill would require the DHS to enter into a contract with the National Research Council, or another federally funded research and development corporation, on "available technical options ... for enhancing the security of the information networks of entities that own or manage critical infrastructure through ... technical improvements, including developing a secure domain" or "increased notice of and consent to the use of technologies to scan for, detect, and defeat cyber security threats, such as technologies used in a secure domain".

The bill would require the DHS to write a report that on the "threat of a cyber attack disrupting the electrical grid".

The bill would require the DHS to write a report that "describes policies and procedures for Federal agencies to assist a private sector entity in the defending of the information networks of the private sector entity against cyber threats that could result in loss of life or significant harm to the national economy or national security".

This bill was referred to the Senate Homeland Security and Governmental Affairs Committee.