Connecticut Sen. Joseph Lieberman and Susan Collins (and three other co-sponsors) recently introduced a compromise-version of their Cybersecurity Act of 2012. As opposed to the previous draft, which included penalties for non compliance, this one gives critical infrastructure owners the option to participate in a voluntary cybersecurity program. According to FierceGovernmentIT, if they demonstrate through self-certification or a third-party assessment that they meet voluntary cybersecurity practices, they would be eligible for benefits such as liability protections, expedited security clearances, and priority assistance on cyber issues.
In addition, the bill creates the National Cybersecurity Council, comprised of representatives from the Defense, Justice and Commerce departments, the Intelligence Community and chaired by DHS. The Council would conduct risk assessments to determine which sectors are subject to the greatest and most immediate cyber risk and would identify particular categories of critical infrastructure as critical cyber infrastructure.