Senate Republicans last week voted down the Cybersecurity Act of 2012 offered by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), citing concerns that the bill would burden businesses with unnecessary regulations.
The bipartisan bill, introduced along with Sens. Jay Rockefeller (D-W.Va.), Dianne Feinstein (D-Calif.), and Tom Carper (D-Del.), fell eight votes short of the 60 required to overcome a filibuster and send the bill to a final vote in the Senate on Aug. 2. Forty Republicans and six Democrats voted in support of the filibuster.
The bill sought to encourage companies and the government to share information about cyberthreats and would have incentivized operators of critical infrastructure, such as electric grids and gas pipelines, to meet cybersecurity standards.
The original bill called for mandatory minimum standards for computer networks, developed collaboratively with industry representatives. But meeting forceful opposition from the U.S. Chamber of Commerce and other business groups, which perceived it as excessive government interference, Lieberman and Collins watered down the bill. The version that came up for vote last week called for a system of voluntary security standards.
A statement from the Chamber quoted Jody Westby, CEO of cybersecurity firm Global Cyber Risk, as saying “the Cybersecurity Act of 2012 actually would put a federal agent inside most of these businesses’ data centers and require assessments and reporting that could make Sarbanes-Oxley seem inexpensive.”
The Chamber said it backed the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), Rep. Michael Rogers’ (R-Mich.) bill, which passed the House this April, and which the Chamber says "prizes collaboration over regulation. It would compel the government to provide businesses with specific threat information and incentivize the voluntary sharing of private sector information, safeguarding businesses against lawsuits, public disclosure, and regulations."
White House senior advisors had opposed CISPA, saying in April that it not only failed to protect critical infrastructure but repealed "important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards." The White House said the president would veto the bill if it were presented to him.
The White House, which has thrown its full support behind the Cybersecurity Act of 2012, lamented the legislation’s demise last week. "In the wake of congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory authorities that the legislation would have fixed," said White House press secretary Jay Carney in a statement last week.
President Obama in a July 19 Wall Street Journal op-ed warned that cyber threats were one of the nation’s "most serious economic and national security challenges." Obama wrote that no one had yet disrupted critical infrastructure networks, but "foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day."
After the bill failed to proceed in the Senate last week, the White House reportedly considered measures that could be taken without congressional approval to boost cybersecurity, including establishing a cyber-intelligence center through the Federal Energy Regulatory Commission, the Pentagon, and federal financial agencies. Congressional newspaper The Hill reported the White House "hasn’t ruled out issuing an executive order."
Sources: POWERnews, govtrack.com, The Hill, The Wall Street Journal
—Sonal Patel, Senior Writer (@POWERmagazine)