U.S. Senate Republicans yesterday killed cybersecurity legislation backed by President Barack Obama, increasing prospects the White House will implement some of the bill’s provisions through an executive order.
Supporters failed 51-47 to get the 60 votes needed under Senate rules to bring the bill up for passage. Republicans blocked the same measure in August, saying it would lead to more government regulation of business.
“It to some degree hardens the lines of division, which makes it more likely we’ll see an executive order rather than an attempt to revive the legislation in the near term,” Stewart Baker, a former assistant secretary for policy at the Department of Homeland Security, said in an interview.
“The only other thing that can produce legislation is a major cybersecurity meltdown,” said Baker, a partner at the Steptoe & Johnson law firm in Washington.
Administration officials have continued to warn about cyber threats capable of widespread damage. Defense Secretary Leon Panetta in a speech in New York last month said computer assaults by other countries or extremist groups could be as destructive as the Sept. 11 attacks.
White House officials have said Obama was considering an order creating a program to protect vital computer networks from cyber attacks if Congress failed to pass an acceptable law.
Majority Leader Harry Reid, a Nevada Democrat, said the Senate vote killed any chance for congressional action this year.
“Cybersecurity is dead for this Congress,” Reid said after the vote.
Four Republican senators broke ranks with their party to vote in favor of advancing the Senate bill, and five Democrats joined Republicans in opposition.
The legislation, introduced in February by Senators Joe Lieberman, a Connecticut independent, and Susan Collins, a Maine Republican, would have created voluntary cybersecurity standards for companies that operate infrastructure such as power grids and chemical plants considered essential to U.S. national security. The bill also would have encouraged companies and the government to share information on cyber threats.
Republicans and the U.S. Chamber of Commerce, the nation’s largest business lobby, opposed the voluntary standards, saying they would be a back door to government regulation and fail to keep pace with evolving threats in cyberspace. The chamber released a letter yesterday reiterating its opposition.
“Whatever we do on this bill, it’s not enough for the Chamber of Commerce,” Reid said.
Obama has signed a separate directive setting policy for how the government handles threats in cyberspace, according to three current and former administration officials. The directive opens the door to a bigger role for the Defense Department, directing it to provide civilian agencies with technical help on cybersecurity, according to a former senior intelligence official familiar with the document.
The debate over cybersecurity legislation has turned from substantive analysis to a “political blame game” about who can best protect the nation, Senator Charles Grassley, an Iowa Republican, said on the floor before yesterday’s vote.
“Rushing something through that will impact the country in such a massive way is not a way we should do business,” Grassley said.
Senate Republicans, including Grassley, John McCain of Arizona and Kay Bailey Hutchison of Texas, had urged more limited legislation to encourage government and companies to share information about cyber threats, along the lines of a bill they introduced in March.
The Republican-controlled House of Representatives in April passed a similar information-sharing measure, sponsored by Mike Rogers, a Michigan Republican who leads the House Intelligence Committee, and the panel’s top Democrat, C.A. “Dutch” Ruppersberger of Maryland.
The Obama administration said it would veto the House measure because it doesn’t safeguard the privacy of consumer data that may be shared or protect the nation’s infrastructure from cyber attacks.
The Lieberman bill is S. 3414. The McCain bill is S. 3342. The Rogers bill is H.R. 3523.
To contact the editor responsible for this story: Bernard Kohn at firstname.lastname@example.org