The provisions apply to U.S. governmental networks and to networks or systems designated by the president as a "critical infrastructure system or network" without defining any criteria for such a determination.

It's not hard to see all major Internet providers being so designated.

These bills, if passed, could impact just about everybody in the Internet or Internet services business in the United States -- maybe that is what is needed to get all of the players to pay attention to security.

It appears Harvard would not escape the requirements, or hopefully, the money, in these proposals, but the university has not commented on them so the above is my own review.