U.S. Senator Joseph Lieberman is considering changes to his cyberdefense bill, which has been stalled over disagreements about whether the government should set security standards.
Lieberman, a Connecticut independent, said today he’s looking at revising sections of the bill on protecting critical infrastructure and on the sharing of cyberthreat information between businesses and government to build support for the measure. He said he’s seeking to garner 60 votes, which is the minimum needed to get over a procedural hurdle in the Senate and begin floor debate.
“I’m open to changing some parts of it,” Lieberman said in an interview outside the Senate chamber. While he considers his measure to be “the best idea” among competing proposals, Lieberman said “I want to get something passed this year, and I think this problem is only going to grow more serious.”
Republicans in Congress and the U.S. Chamber of Commerce have criticized the approach of Lieberman’s bill, which would let the Homeland Security Department set cybersecurity requirements for critical infrastructure such as power grids and water-treatment plants. Federal regulations, they say, would saddle companies with bureaucracy and fail to keep pace with evolving hacker threats.
Senate Majority Leader Harry Reid, a Nevada Democrat, has pledged to bring the Lieberman bill, which is backed by President Barack Obama’s administration, to a Senate vote without giving a date. Lieberman said he expects the bill will go to the Senate floor next week.
The Senate is scheduled to go on a summer recess Aug. 6.
Lawmakers haven’t reached consensus on an approach for protecting U.S. networks as concerns increase about cyber-espionage and potential disruption of infrastructure connected to the Internet. Hackers in China and Russia are pursuing U.S. technology and industrial secrets, jeopardizing an estimated $398 billion in research spending, according to a November report from the U.S. government’s Office of the National Counterintelligence Executive.
Eight Senate Republicans including John McCain of Arizona and Kay Bailey Hutchison of Texas have introduced a measure that would encourage voluntary sharing of cyberthreat information between businesses and government, without setting requirements. The Republican-controlled House passed a similar measure in April.
Lieberman said he’s considering elements from a compromise being developed by Senators Jon Kyl, an Arizona Republican, and Sheldon Whitehouse, a Rhode Island Democrat. Kyl and Whitehouse are leading an effort to create voluntary incentives rather than mandatory standards for protecting critical infrastructure.
Kyl and Hutchison said today they didn’t think the compromise would be ready next week.
“There are just a few things that could be done that would vastly increase cybersecurity -- but without a new whole regulatory regime, which is what many people think the Department of Homeland Security would do,” Hutchison said.
Lieberman is working on revisions with his bill’s co-sponsors, Republican Susan Collins of Maine and Democrats Jay Rockefeller of West Virginia and Dianne Feinstein of California, his spokeswoman, Leslie Phillips, said in an e-mail.
The Obama administration threatened to veto the House bill, saying it doesn’t address critical infrastructure or adequately safeguard consumer data that might be shared. Civil liberties groups have criticized the information-sharing provisions in the Lieberman, McCain and House bills, saying they don’t protect the privacy of consumer data.
Senator Jeff Bingaman, a New Mexico Democrat who leads the Senate Energy and Natural Resources Committee, plans to offer a measure he sponsored last year on electrical-grid security as an amendment to Lieberman’s bill when it reaches the Senate floor, Bill Wicker, a committee spokesman, said in an interview.
“We need to address these vulnerabilities that are clearly before us,” Bingaman said at a hearing today to highlight cyber threats to the nation’s power systems.
Lieberman and Collins today sent a letter to the Federal Energy Regulatory Commission asking it to investigate allegations that some entities are receiving certificates authorizing entry to the electric grid’s cyber business systems for longer than the maximum 20 years allowed by agency rules.
“If these allegations are true, the violations could undermine part of the security system protecting our grid,” the senators wrote.
The Lieberman bill is S. 2105. The McCain bill is S. 3342. The House bill is H.R. 3523. The Bingaman bill is S. 1342.