US senators, warning of potentially catastrophic cyberattacks, introduced a bill Tuesday aimed at protecting critical infrastructure such as power, water and transportation systems.
The Cybersecurity Act of 2012 is the latest attempt by the divided US Congress to pass legislation aimed at securing government and private sector networks from foreign cyber espionage, criminal hackers and terrorist threats.
"The nation responded after 9/11 to improve its security," said Senator Joseph Lieberman, an independent who co-sponsored the long-awaited bill.
"Now we must respond to this challenge so that a cyber 9/11 attack on America never happens," Lieberman said.
"I can't think of a more urgent issue facing this country," said Senator Jay Rockefeller, a Democratic co-sponsor. "Hackers are stealing information from Fortune 500 companies, breaking into the networks of our government and security agencies and toying with the networks that power our economy.
"The new frontier in the war against terrorists is being fought online and this bill will level the playing field," Rockefeller said.
The Cybersecurity Act of 2012 would have the Department of Homeland Security determine what qualifies as critical infrastructure and require compliance with a set of security standards.
The legislation defines as critical infrastructure systems "whose disruption from a cyberattack would cause mass death, evacuation, or major damage to the economy, national security, or daily life."
The bill would encourage information-sharing about cyber threats between US government agencies and the private sector and consolidate Homeland Security cybersecurity programs under a unified National Center for Cybersecurity and Communications.
"This bill would begin to arm us for battle in a war against the cyber mayhem that is being waged against us by our nation's enemies, organized criminal gangs, and terrorists who would use the Internet against us as surely as they turned airliners into guided missiles," Lieberman said.
Republican co-sponsor Susan Collins said the legislation is needed to "achieve the goal of improving the security of critical cyber systems and protecting our national and economic security.
"Our nation's vulnerability has already been demonstrated by the daily attempts by nation-states, cyber criminals, and hackers to penetrate our systems," Collins said.
The Senate Committee on Homeland Security and Governmental Affairs is to hold a hearing on the bill on Thursday.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, described the bill as a "really significant piece of legislation" but said "key sections of it have been diluted."
"The part that really counts is the ability to hold critical infrastructure to mandatory standards and that's under tremendous industry pressure to have it hollowed out," said Lewis, who is scheduled to testify before the committee.
Lewis said the bill "has the best chance of any I've seen" of passage but he was "not optimistic."
The introduction of the cybersecurity bill coincided with a visit to the United States by Chinese Vice President Xi Jinping, who is expected to succeed Chinese President Hu Jintao next year.
In an unusually blunt report issued in November, a US intelligence agency, the office of the National Counterintelligence Executive, said the Chinese are the world's "most active and persistent perpetrators" of economic espionage.
While acknowledging the difficulty of proving state sponsorship, the report said "US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China."
China has repeatedly denied state involvement in cyber espionage against Western governments and companies, including well-publicized attacks on Internet giant Google that sparked a row between Washington and Beijing.
Explore further: US regulator warns consumers of Bitcoin risks