The U.S. Senate on Thursday failed to end debate on a comprehensive cybersecurity bill, pushing action on the bill into September and potentially killing it.
The Senate voted 52-46 to end debate and move toward a final vote on the revised Cybersecurity Act, but 60 votes were needed to move forward. This week, members of President Barack Obama’s administration called passage of the bill critical for U.S. national security.
The Senate is expected to start its August recess on Friday, not returning until Sept. 7. It is typically difficult for controversial legislation to pass between September and the national election in November.
Opponents of the bill, including many Republicans, said it still has several problems that need to be worked out. Sponsors of the Cybersecurity Act introduced the revised version of the bill July 19, and many critics said there hasn’t been enough time to fix the legislation.
Supporters of the bill shouldn’t see the vote against cloture Thursday as an attempt to kill the bill but an attempt to amend it and improve it, said Senator John McCain, an Arizona Republican. The bill would give the U.S. government too much power to set and amend cybersecurity standards developed with the help of private companies, McCain has said.
Several senators have come to “some agreement that we think could move this legislation forward in a fashion that recognizes the importance of the issue and yet dramatically, in our view, improves the legislation,” McCain said. “So I would hope that the Republican leader and the majority leader would not interpret this vote … as an impediment to the process that I think was moving on a path where we could have reached some agreement and addressed this issue and this legislation conclusively.”
The U.S. Chamber of Commerce raised similar concerns. “The bill would give the federal government too much control over what actions the business community could take to protect its computers and networks,” Ann Beauchesne, the chamber’s vice president of national security, said in an email. “Businesses need concrete certainty that they would have an equal voice over the direction of the program and that the program would be responsive and dynamic, just like the Internet itself.”
The chamber also called for the Senate to strengthen lawsuit protections in the bill.
Republican senators were “running like scared cats” away from the bill because of the chamber’s opposition, Senator Harry Reid, a Nevada Democrat and Senate majority leader said Thursday. The chamber is a major backer of many Republican candidates.
Several other senators, led by Minnesota Democrat Al Franken, pushed for privacy protections in the bill. The legislation would allow Internet service providers and other Web businesses to spy on customers to share information with the government without the need for a warrant, he said. The bill would take away customer rights to sue those businesses, he added.
Senator Susan Collins, a Maine Republican and co-sponsor of the bill, criticized other senators for trying to tack on several unrelated amendments to the bill. “Rarely have I been so disappointed in the Senate’s failure to come to grips with a threat on our country,” she said Thursday.
The bill would also create a new intra-agency council to work with private companies to develop cybersecurity standards that businesses could voluntarily adopt. The bill would offer incentives to companies that volunteer for cybersecurity programs, including protection from lawsuits related to cyberincidents and increased help and information on cybersecurity issues from U.S. agencies.
Although the adopting the standards are voluntary, the authors of the bill wanted to give businesses strong incentives to adopt the standards, said Senator Joseph Lieberman, a Connecticut Independent and sponsor of the legislation.
The incentives will create “tremendous inducements — yeah, even maybe pressure — on CEOs” of companies of critical infrastructure to adopt the standards, Lieberman said last week. Companies that don’t adopt the standards and are attacked “they will be subject to enormous, probably corporation-ending liability,” he added.
The bill would also authorize the government to provide security clearances to companies with a need to receive classified information to protect their networks. It would also create new cybersecurity research and development programs in the U.S. government, and it would create new federal programs to identify and recruit cybersecurity workers for the government.
The Information Technology Industry Council, a tech trade group, called Thursday’s vote a “lost opportunity” to improve cybersecurity in the U.S.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.