Comprehensive cybersecurity legislation in the Senate is dead.
Sen. Harry Reid (D-Nev.), the majority leader, Wednesday night pronounced the Cybersecurity Act of 2012 ran out of lives after it failed to gain 60 votes to end cloture.
The Senate passed the motion to end cloture 51 to 47, but without three-fifths approval the bill cannot move forward to the debate and amendment portion of the process.
“The bill that was and is the most important to the intelligence community and the Pentagon was just killed, and that was cybersecurity,” Reid said. “Mr. President, I had a number of people come to me during the day and say ‘Are you going to allow relevant minutes on this?’ I said, ‘Sure.’ They said, ‘How about five?’ I said, ‘Fine.’ But Mr. President, whatever we do on this bill isn’t enough for the [U.S.] Chamber of Commerce. Not enough. So everyone should understand cybersecurity is dead for this Congress.”
Reid was referring to the U.S. Chamber of Commerce’s strong opposition to specific provisions in the cyber bill that would require the government to create regulations and oversee their implementation to protect critical infrastructure owners and operators.
In April, the chamber joined 25 other business organizations in a letter to House leaders detailing its cyber priorities.
“The business community recognizes the tremendous opportunities and challenges inherent in our interconnected world. Cyberspace has transformed the global economy and connected people in new and exciting ways. Any cyber legislation that Congress considers must protect and promote, not stifle, innovation in order to increase cybersecurity and grow electronic commerce,” the letter stated. “Cyber threats change so quickly that any legislation must also protect the ability of the private sector to be fast and agile in the detection, prevention, mitigation and response to cyber events that can have national or global impact. Policymakers should not complicate or duplicate existing security-related industry standards with government-specific standards and bureaucracies.”
Concerns about regulations, DHS remained
Beyond the concerns by business groups, lawmakers had trouble convincing their colleagues that the bill made sense.
The reason the bill didn’t get through was twofold. Republicans were concerned about the lack of ability to offer amendments. In addition, many brought up the same concerns they’ve expressed all along: too much regulation on industry, and the role DHS would play in overseeing the critical infrastructure is wrong for them.
Sen. Charles Grassley (R-Iowa) is one of the critics of the comprehensive cyber bill and a co-sponsor of the SECURE IT bill.
“I’m baffled why the Senate would take an agency that has proven problems with overseeing critical infrastructure and give them chief responsibility for our country’s cybersecurity,” he said. “Additionally, I’m concerned with the provisions that restrict the way information is shared. The restrictions imposed under Title VII of the bill are a step backward from other information sharing proposals.”
He added if DHS is the gatekeeper of cyber information, it will create a bottleneck for information coming into the government.
“Title VII includes restrictions on what types of information can be shared, limiting the use of it for criminal prosecutions except for those that cause imminent harm,” Grassley said. “This is exactly the type of restriction on information sharing the 9-11 Commission warned us about now 10 years ago.”
Cyber enemies are inside the gates
Reid had hoped to get at least 60 votes, debate the provisions, allow amendments and then get a vote before the end of the lame duck session.
The failure to move the bill means Sen. Joseph Lieberman (I-Conn.) will retire in January without seeing one of his signature bills passed into law.
Lieberman last night called for his colleagues to give the cyber bill a chance.
“I want to assure and appeal to my colleagues to vote to at least take this measure up. The cyber enemies are at the gates, in fact they have already broken through the gates. The least we can do is to debate and vote on amendments to determine how we can strengthen our cyber defenses.”
This was the second time the Senate failed to move the bill. In August, it also failed to get 60 votes to end cloture.
The Obama administration has said that if Congress does not pass cybersecurity legislation, the President would act to protect critical infrastructure companies from cyber threats and electronic espionage by signing an executive order.
The frustration in the Senate’s inability to pass the bill was widespread.
Pentagon press secretary George Little said in an email statement, “Secretary [Leon] Panetta was disappointed to learn that the Senate failed to move forward on the Cybersecurity Act of 2012, which would have enhanced our nation’s ability to protect itself against cyber threats, which are growing at an alarming rate. Cyber attacks threaten to have crippling effects on America’s critical infrastructure, and on our government and private sector systems. The U.S. defense strategy calls for greater investments in cybersecurity measures, and we will continue to explore ways to defend the nation against cyber threats. New legislation would have enhanced those efforts. If the Congress neglects to address this security problem urgently, the consequences could be devastating.”
Sen. Tom Carper (D-Del.), who co-sponsored the Cybersecurity Act of 2012, also expressed disappointment.
“Every day, hackers steal our sensitive personal information as well as the ingenuity and hard work of our businesses, both large and small,” Carper said in an email statement. “This hurts our economy and our global competitiveness and leads to the loss of American jobs. Even more threatening, cyber terrorists have proven that they have the ability to destroy the systems that operate our critical infrastructure, jeopardizing the health and safety of millions of Americans. While this bill isn’t perfect, it is a significant improvement over our current cyber security laws, which numerous experts have said do not go far enough to protect us.”
Sen. Susan Collins (R-Maine), a sponsor of the bill, said, “In all my years on the Homeland Security Committee, I cannot think of another issue where the vulnerability is greater and we’ve done less.”