Earlier this year, the House proved yet again that it doesn't care about your privacy by passing CISPA. The controversial cybersecurity bill would let the government and private companies easily share information to counter cyber threats. Now the Senate has finally gotten around to drafting its own legislation, but it's nothing like CISPA. It's not like it matters though.
So, who would be creating these standards? As it stands, the bill tasks the National Institute of Standards and Technology to create "voluntary cybersecurity standards and best practices for critical infrastructure, such as banks and power plants."
The bill doesn't stop there, however, as it would also help improve research and education relating to cybersecurity. The latter is especially important as many people still aren't aware of just how much malware is on the Web.
As you can see, the proposed bill contains nothing about information sharing. That doesn't mean the Senate doesn't want to pass its own version of CISPA though. Sen. Jay Rockefeller, who just so happens to be the chairman of the Committee for Commerce, Science and Transportation, says he would support legislation that enabled information sharing. That won't come until later down the road, however, and the Senate bill will probably once again look different from the House's CISPA.
It should be noted that bills like CISPA and CSA are actually kind of pointless. We now know that the NSA is collecting information on foreign threats and Americans alike through programs like PRISM. Leaked documents have also shown that the data collected by the agency can be used for cybersecurity purposes. Kind of makes the White House's response to CISPA seem a little disingenuous in light of recent statements from the administration.
But I digress, cybersecurity standards are incredibly important, and its encouraging to see the Senate only make them voluntary. It's not like I don't have faith in the National Institute for Standards and Technology, but mandatory standards are rarely a good thing when it comes to technology. The ever changing nature of it requires people that actually know what they're doing to apply new standards as new threats emerge.