As a major cyber security bill wends its way through the congressional chambers, some key organizations are trying to knock the wind out of it. Civil libertarians and privacy rights activists are saying that the measure would do more harm than good -- a notion that is refuted by its sponsors who say that time is of the essence.

The matter could hit the floor of the U.S. Senate in weeks. And while all lawmakers in both the House and Senate can agree that the country must beef up protections to its power plants and transmission lines, that’s where the consensus ends. The measure now pending is lauded by some who say that it defends “critical assets” and loathed by others who say that it is both too onerous and too intrusive.

The Cyber Security Act of 2012 is opposed by 34 different privacy and civil liberties groups from across the ideological spectrum. They are saying that if the bill were to pass, it would give Facebook, Microsoft and Verizon the ability to share information about their customers -- all in the name of national security.

“However, in the push to increase security, the bill would essentially bypass all existing privacy laws and allow companies to share private, and potentially sensitive, communications and records with the government, even if that personal information is not necessary to describe a cyber security threat,” says Sharon Bradford Franklin, who is senior counsel to The Constitution Project.

Sympathizers in Congress are adding that the pending measure fails to adequately define “critical infrastructure.” If the ruling powers decide that it is something that a private business does not want included, legal wrangling would begin. This is an argument to which the Obama administration is sensitive and to which it responds by saying that it would work with both parties to craft a sensible measure.

To that end, its official position paper on the subject says that the digital infrastructure was created as a way to share information. And at the time it was built, little consideration was given to security. As a result, both national enemies and corporate thieves are trying to steal or destroy valuable assets.

The White House, generally, supports the bill about to be debated on the Senate floor -- one that its sponsors argue does narrowly describe “critical infrastructure”: That would be any national asset that is brought down or destroyed and that would lead to mass casualties, mass evacuations or financial collapse.

“We are being bled of our intellectual property everyday and would-be enemies probe the weaknesses in our most critical national assets -- waiting until the time is right to cripple our economy or attack a city’s electric grid with the touch of a key,” says Senator Joe Lieberman, I-Conn., the bill’s co-sponsor, in a floor speech.

Utility Concerns

After collectively identifying the precise systems that are at high risk, the U.S. Department of Homeland Security would then work with that “narrow slice” of the private sector that must join in the battle, Lieberman adds.

For example, let’s say that Pepco, the electric company serving the Washington, DC, metro area, had “critical” systems covered by the bill: Only systems directly involved in the generation or distribution of electricity would need to conform to the increased security standards, the senator notes. But Pepco’s other systems, like human resources or customer service, would not be asked to do anything new.

For their part, power companies are already supposed to certify with the Federal Energy Regulatory Commission that they have developed robust systems that can continue to generate and deliver power if attacked. To comply, they are describing their potential risks based on historical accounts.

As with other businesses, utilities are also concerned about overreach. They prefer voluntary efforts, as opposed to those mandated by law, noting that as owners of the assets, they are naturally motivated to secure them. Moreover, the electrical structure here is inextricably linked to the health of the economy: Altogether, more than 800,000 megawatts of power that is transported via 200,000 miles of transmission serve a population of 300 million.

“Cyber threats change so quickly that any legislation must also protect the ability of the private sector to be fast and agile in the detection, prevention, mitigation, and response to cyber events that can have national or global impact. Policymakers should not complicate or duplicate existing security-related industry standards with government-specific standards and bureaucracies,” says a letter signed by the Edison Electric Institute to the House leadership.

Because there is general consensus that legislative action is necessary, the partisans are trying to bridge their differences. Electric utilities are worried about cumbersome laws. Other interests are concerned about privacy rights. But the bigger picture is national security, and it remains unknown if all of those competing dynamics can be reconciled so that a cyber security bill could pass.


EnergyBiz Insider is named a 2012 Finalist for Original Web Commentary presented by the American Society of Business Press Editors. The column is also the Winner of the 2011 Online Column category awarded by Media Industry News, MIN. Ken Silverstein has been named one of the Top Economics Journalists by Wall Street Economists.

Twitter: @Ken_Silverstein

energybizinsider@energycentral.com

Copyright © 1996-2012 by CyberTech, Inc. All rights reserved.

To subscribe or visit go to:  http://www.energycentral.com

To subscribe or visit go to:  http://www.energybiz.com