It looks like Congress will have to hit the reset button on cybersecurity.
The Senate failed to pass cybersecurity legislation this week before the chamber's summer recess as Republicans sided with U.S. Chamber of Commerce objections. The proposed bill, called the Cybersecurity Act of 2012 (S. 3414), was born from fears that cyberattacks on critical national infrastructure could leave the nation in a state of confused dysfunction similar to what Northern India has faced in recent days amidst its record-breaking blackouts that continue to affect hundreds of millions of people.
Despite months of work, senators could not come to consensus on how to better protect the nation's computer systems. Instead, they were left frustrated. Meanwhile, warnings continue that the U.S. is at risk.
In July, the Government Accountability Office (GAO) released a report stating that the U.S. electric grid remains vulnerable to cyberattacks because of its reliance on certain IT systems with known security holes. The report followed more than a year of requests from the GAO petitioning the federal government to address the problem and institute a set of standards that would protect infrastructure.
While most Democrats supported the Cybersecurity Act -- which aimed to improve detection of cyberattacks against infrastructure like power grids, dams and transportation -- all but five Republicans opposed the bill and cited the legislation as an impingement on the rights of business owners. The debates ended with a Republican-led filibuster, after a 52-46 vote fell short of the 60-vote threshold needed to end the filibuster.
"Rarely have I been so disappointed in the Senate's failure to come to grips with a threat to our country," said U.S. Sen. Susan Collins, the ranking Republican on the Senate Homeland Security Committee and one of the bill's chief sponsors, who had tried in vain to sway her GOP colleagues, reported The Los Angeles Times. “How many more implorings do we need from our nation's top homeland and military officials to act?” Collins asked shortly before the vote.
Collins and Sen. Joe Lieberman, chief sponsors of the bill, initially called for mandatory minimum security standards to force companies that own life-sustaining equipment to install new security measures. But the U.S. Chamber of Commerce and other business groups chided the measure as being too restrictive in a free market and said the bill could actually prevent companies from effectively defending against cyberattacks.
"The chamber believes [the bill] could actually impede U.S. cybersecurity by shifting businesses' resources away from implementing robust and effective security measures and toward meeting government mandates," wrote Bruce Josten, the chamber's chief lobbyist.
After criticism from Republicans, proponents of the bill scaled it back, calling for a system of voluntary security standards that offered immunity from lawsuits to companies that participated. But the changes ultimately weren't enough to placate opponents of the bill.
"It's incomprehensible why they are opposing it," said John Brennan, the White House counterterrorism adviser, reported The Los Angeles Times. "It's not grounded in facts nor in national security concerns."
Republicans are in favor of cybersecurity legislation, just not this piece of legislation, evidently. In June, four former senior security officials appointed by George W. Bush sent a letter to Senate leaders requesting a bill that would institute government standards for businesses that operate important infrastructure. The letter was signed by former CIA Director Michael Hayden, former Homeland Security Secretary Michael Chertoff, former Director of National Intelligence Mike McConnell and former Assistant Defense Secretary Paul Wolfowitz.
More attempts at cybersecurity legislation are expected this year after the August recess, but despite support from key figures on both sides of the political fence, few lawmakers seem optimistic about the prospect of getting a Senate bill passed because of conflicting ideals on government's role in private enterprise.
An outspoken opponent of the bill, Sen. John McCain cited privacy threats as among the reasons Republicans opposed the legislation. McCain, who previously had his own cybersecurity bill called the SECURE IT Act, suggested that more time be put into the bill. “There are those that believe any legislation is better than no legislation,” McCain said, reported TheHill.com. “I’ve been around long enough to know that isn’t true.”
White House Press Secretary Jay Carney criticized Republican opposition to the bill shortly after the vote in a statement. "Senate Republican opposition to this vital national security bill, coupled with the deeply flawed House information sharing bill that threatens personal privacy while doing nothing to protect the nation’s critical infrastructure, is a profound disappointment," Carney said. "Despite the president’s repeated calls for Congress to act on this legislation, and despite pleas from numerous senior national security officials from this administration and the Bush administration, the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better protect our nation from potentially catastrophic cyberattacks."