Senators are offering clashing proposals for moving forward with stalled cybersecurity legislation as President Barack Obama weighs going around Congress and creating measures for businesses to better protect their networks.
Senate supporters of the White House-backed Cybersecurity Act of 2012 failed to muster enough votes on Aug. 2 to end a Republican filibuster of the bill, leaving it stalled as Congress takes its August recess (Defense Daily, Aug. 3). The Senate will be in session only three weeks in September before fiscal year 2012 ends on Sept. 30, and the chamber has a slew of bills waiting to be considered.
White House counterterrorism adviser John Brennan said last week that the Obama administration is considering using executive power to encourage or prod businesses to do more to protect their networks from cyber attacks.
“One of the things that we have to do in the executive branch is to see what we can do to maybe put additional…guidelines or policy in place under executive branch authorities,” Brennan told the Council on Foreign Relations Aug. 8, according to the Associated Press. “If the Congress is not going to act on something like this, then the president is going to do everything possible.”
Members of the Democratic-led Senate, meanwhile, are weighing in on the matter this week from their districts.
Sen. Jay Rockefeller (D-W.Va.), a co-sponsor of the Cybersecurity Act of 2012, sent Obama a letter on Monday saying that while senators will continue to work on the legislation, he urges the president to “explore and employ every lever of executive power that you possess to protect this country from the cyber threat.”
“We must act to address our cyber vulnerabilities as soon as possible and many components of the Cybersecurity Act are amenable to implementation via executive order, normal regulatory processes, or other executive action under the authorities of the Homeland Security Act,” Rockefeller wrote.
He particularly wants Obama to issue an executive order to create a program to protect critical cyber infrastructure similar to one proposed in the Cybersecurity Act. That could be a program that forms a partnership between private firms and the government to conduct risk assessments of critical-infrastructure providers’ networks and also creates voluntary security guidelines for companies to follow, Rockefeller wrote.
The Cybersecurity Act–whose main sponsors are Sens. Joseph Lieberman (I/D-Conn.) and Susan Collins (R-Maine)–has been controversial because of that proposal. Co-sponsors of the bill–who also include Sens. Dianne Feinstein (D-Calif.) and Tom Carper (D-Del.)–revised it last month to garner more support from Republicans and business interests concerned about critical-infrastructure mandates. The supporters dropped language authorizing the Department of Homeland Security to create mandatory standards for such providers, and instead proposes incentives for those that adopt voluntary guidelines.
Lieberman, like Rockefeller, also has raised the possibility of Obama making cybersecurity changes via executive order.
Yet Sen. John McCain (R-Ariz.) and other supporters of an alternate cybersecurity bill–who oppose the critical-infrastructure provisions in the Lieberman-Collins measure–are calling for the Senate to resume debate in September. That other legislation backed by McCain, the Secure IT Act, would create no new federal regulations and instead focuses on removing legal barriers to government and businesses sharing information about cyber attacks.
McCain and Sens. Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Jon Kyl (R-Ariz.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.) said yesterday they are “disappointed” the Senate has not passed a bill like one the House OK’d in April. The Republican-led House’s Cyber Intelligence Sharing and Protection Act (CISPA) is similar to the Secure IT Act they support in the Senate.
In a joint statement, the Republican senators slam Senate Majority Leader Harry Reid (D-Nev.) for how he managed the cyber bill’s debate earlier this month.
“Before we adjourned for the August recess, several Republican and Democratic Senators had an understanding on how to best move forward on cybersecurity, and a shared commitment to working through the recess toward compromise legislation that could pass with bipartisan support,” they said in their statement. “When it returns next month, the Senate should address cybersecurity, but not in the ‘take it or leave it’ manner the majority leader pursued.”
Pentagon leaders concerned about cyber attacks have been calling for Congress to pass legislation, and Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey traveled recently to Silicon Valley for a week to discuss this nation’s cyber vulnerabilities with technology industry leaders.
Dempsey told reporters yesterday that because the Internet domain has not “borders or buffer zones,” that “public-private collaboration is the only way to safeguard our nation’s critical infrastructure.”
“We all agreed on the need to share threat information at network speed,” Dempsey said about his meetings with technology gurus. “And I’d like to see…Congress push towards cyber legislation that does at least this.”