A bipartisan group of senators is working on a compromise around U.S. cybersecurity legislation that’s been stalled over differences on whether government should set protection standards, Senator Joseph Lieberman said.
Senators Sheldon Whitehouse, a Rhode Island Democrat, and Jon Kyl, an Arizona Republican, are working on a proposal, Lieberman, a Connecticut independent, said in an interview with Bloomberg Government. South Carolina Republican Lindsey Graham and Delaware Democrat Christopher Coons are also taking part in the negotiations, Lieberman said today.
A bill sponsored by Lieberman and backed by President Barack Obama would put the Homeland Security Department in charge of setting cybersecurity requirements for critical systems such as power grids and transportation networks while encouraging companies to share cyber threat data.
“Some of my colleagues are making this into another instance of what they see as government over-regulation of business,” Lieberman said. “This is national security.”
Lieberman’s bill has been opposed by House and Senate Republicans who favor voluntary industry measures to improve cybersecurity.
Senators working on a compromise are considering incentives for owners of critical infrastructure to improve cybersecurity, or minimum standards that infrastructure operators must meet to get protection from lawsuits, Lieberman said.
Lieberman, while saying he supports the effort to find compromise, said he’s unwilling to accept those steps because voluntary efforts aren’t enough to protect the U.S. from cyber attacks.
U.S. lawmakers are seeking to deter cyber attacks capable of disrupting vital infrastructure and stealing intellectual property. Hackers and illicit programmers in China and Russia are aggressively pursuing American technology and industrial secrets, jeopardizing an estimated $398 billion in U.S. research spending, the National Counterintelligence Executive, the agency responsible for countering foreign spying on the U.S. government, said in a November report.
Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring Lieberman’s bill to the Senate floor and hasn’t set a date. Lieberman said he’s confident legislation will go to the floor this month.
Timing of Bill
“We can pass a good bill but we’re not going to know until Senator Reid says it’s coming to the floor next Monday, because that will force these negotiations to a conclusion,” Lieberman told reporters and editors at Bloomberg.
The bill won’t come to the floor this week or next, Adam Jentleson, a spokesman for Reid, said in an e-mail. The Senate’s current work period ends June 29.
“Senator Reid still hopes to move the bill this work period but we have a packed schedule for June,” Jentleson said.
A group of former U.S. military and intelligence officials urged Reid and Senate Minority Leader Mitch McConnell, a Kentucky Republican, to bring cybersecurity legislation to the Senate floor that includes standards for vital assets such as electricity systems, nuclear plants, and energy pipelines.
“Protection of our critical infrastructure is essential in order to effectively protect our national and economic security from the growing cyber threat,” the former officials wrote in a letter yesterday.
Those signing the letter include former Homeland Security Secretary Michael Chertoff; former Director of National Intelligence Mike McConnell; and former Central Intelligence Agency Director Michael Hayden.
The House passed a bill on April 26 that would encourage the government and companies to share information on cyber threats and give businesses legal immunity for such exchanges.
The measure, introduced by Representative Mike Rogers, a Michigan Republican who is chairman of the House Intelligence Committee, passed the House by a vote of 248 to 168 after a veto threat from Obama’s administration, which said the measure fails to protect the nation’s critical systems and would erode consumer-privacy safeguards.
Eight Senate Republicans including John McCain of Arizona and Kay Bailey Hutchison of Texas have also introduced a bill to promote information sharing on cyber threats.
Civil liberties and other groups have said the Rogers, McCain and Lieberman bills don’t provide adequate protections for sensitive personal data that may be part of information-sharing provisions.
The Lieberman bill is S. 2105. The Rogers bill is H.R. 3523. The McCain bill is S. 2151.