The 51-page Rockefeller/Snowe bill calls for the appointment of a National Cybersecurity Advisor who reports directly to the President.
"[Rockefeller/Snowe] got input from a lot of sources, including the CSIS report, so there is more there than we had laid out. It's a strong bill," said Jim Lewis, director and senior fellow in the technology and public policy program at CSIS.
The bill aims at uniting both public and private network operators, including corporations, in developing regulations for defending computer systems before and during cyber attacks.
Rockefeller says the legislation addresses the threat to private sector infrastructure such as banking, utilities, air/rail/auto traffic control, and telecommunications.
But even Rockefeller said the bill was a starting point and not a finished product.
"This legislation is the beginning of the process - the objective of this cybersecurity bill is to start the debate and chairman Rockefeller welcomes comments from all parties, he is sitting down with stakeholders already and he welcomes input from all those supportive of the legislation and those with concerns," said Jena Longo, deputy communications director for the U.S. Senate Committee on Commerce, Science & Transportation.
CDT's Harris said there is likely to be much concern from the private sector. In CDT's evaluation of the bill's language, Harris says, "We read this bill to say it sets a technical standard and one way to do things."
She says the government could establish standards on how to configure software and on security configurations that would apply to anything the President says is critical infrastructure.
"If you are a bank or a communications network and you are critical infrastructure you have to meet those standards," says Harris. Such a mandate, she says, would undermine innovation and weaken security because all critical infrastructure would be running the same technology, which, once compromised, would see networks fall like dominoes.
But it is that kind of input, says CSIS's Lewis, that the bill is designed to draw out.
"It takes a broad brush approach," he says. "It's got sections on organization, strategy, education, technology standards, public private partnership and a little regulatory authority. No previous U.S. effort has been as comprehensive, and that's one of the main reasons all our previous efforts failed. This is a big step forward," said Lewis.
But he added that all that might add up to the bill never getting passed. "But it's good to put people on notice that the standard half-baked or half-witted solutions won't cut it."