Senator Joe Lieberman introduced a new version of a bill to improve U.S. cybersecurity, seeking a compromise to gain support for a measure that has stalled over disagreements on government standards.
The proposal would set up voluntary incentives for operators of critical infrastructure such as power grids and chemical plants to improve security against computer attacks. Lieberman’s original bill would have allowed the Department of Homeland Security to create mandatory security standards for infrastructure.
“We are going to try carrots instead of sticks as we begin to improve our cyber defenses,” Lieberman, a Connecticut independent, said in an e-mailed statement. “If that doesn’t work, a future Congress will undoubtedly come back and adopt a more coercive system.”
Senate Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring the Lieberman bill to the Senate floor for a vote, without specifying a date. The Senate is scheduled to leave for summer recess Aug. 6.
The revised measure would create a National Cybersecurity Council, led by the secretary of Homeland Security, to work with industry groups to develop voluntary standards on the best ways to defend against computer attacks. It would offer benefits, such as liability protection and expedited government security clearances, to owners of critical infrastructure who meet those standards, according to Lieberman’s statement.
“This is exactly the kind of responsible, collaborative approach to an urgent national-security challenge that Americans expect but that Washington too rarely provides,” President Barack Obama wrote in a commentary for the Wall Street Journal, released by the White House. He urged the Senate to pass Lieberman’s compromise measure.
Lieberman’s original bill drew opposition from some Republicans for setting mandatory requirements for infrastructure, saying they would saddle companies with bureaucracy and fail to keep pace with evolving hacker threats.
The proposed compromise “represents the Senate’s best chance to pass cyber legislation this year,” said Republican Susan Collins of Maine, a co-sponsor of the measure. “Our bill is a good-faith effort to address the concerns of members of both sides of the aisle by establishing a framework that relies upon the expertise of government and the innovation of the private sector.”
Lawmakers have so far failed to reach consensus on an approach for protecting U.S. networks from cyber-espionage and potential disruption of vital assets such as utilities and transportation networks that are connected to the Internet.
The Republican-controlled House passed legislation in April that would encourage voluntary sharing of cyber threat information between businesses and government without setting security requirements. Eight Senate Republicans, including John McCain of Arizona, introduced a similar measure.
Brian Rogers, a spokesman for McCain, declined to comment on the revised bill proposed by Lieberman, who is chairman of the Senate Homeland Security and Government Affairs Committee.
A group of senators took to the Senate floor today to argue for the need to strengthen protections for privately-owned infrastructure. The group included Democrats Sheldon Whitehouse of Rhode Island; Barbara Mikulski of Maryland; Richard Blumenthal of Connecticut; Christopher Coons of Delaware; and Republican Roy Blunt of Missouri.
“I don’t want to wake up one day and find out America’s been hit because of gridlock here,” Mikulski said.
Whitehouse and Senator Jon Kyl, an Arizona Republican, had been working on a compromise proposal that would use voluntary incentives rather than requirements to spur infrastructure companies to boost their digital defenses.
The revised Lieberman bill made significant privacy improvements in its information-sharing provisions, such as having companies share data with civilian rather than military agencies, Michelle Richardson, legislative counsel for the American Civil Liberties Union, said in an interview.
The ACLU and other civil-liberties groups had criticized the original Lieberman measure as well as the McCain and House bills, saying they didn’t provide adequate privacy safeguards for sensitive consumer data that might be exchanged.
Lieberman’s revised bill is S. 3414. The McCain bill is S. 3342. The House bill is H.R. 3523.
To contact the editor responsible for this story: Bernie Kohn at firstname.lastname@example.org.