U.S. senators asked Facebook Inc., Google Inc. and Apple Inc. to back a proposed compromise cybersecurity bill as they urged colleagues to pass legislation to strengthen defenses against crippling computer assaults.
Democrats Jay Rockefeller, of West Virginia, and Dianne Feinstein, of California, wrote chief executive officers of more than 20 technology companies last week seeking their support, according to a list released by the Senate Commerce Committee.
Rockefeller, the Commerce panel chairman, and Feinstein are among a group of senators who last week offered a revamped version of a stalled cybersecurity measure in a bid to pick up Republican votes.
“The danger of cyber attacks against the United States is clear, present and growing, with enemies ranging from rival nations to cyber terrorists to organized criminal organizations to rogue hackers,” Senator Joe Lieberman, a Connecticut independent who leads the Homeland Security Committee, said at a news conference today. Lieberman and Maine Republican Susan Collins have been leading the push to pass a bill this year.
The new bill relies on voluntary, rather than mandatory, security standards for operators of critical infrastructure such as power grids and chemical plants. Republicans had criticized an earlier version that called for mandatory government standards, saying that would add bureaucracy and fail to keep pace with evolving cyber threats.
The U.S. Chamber of Commerce, the largest U.S. business lobby, expressed concerns with the revised Lieberman bill last week, saying the voluntary program for critical infrastructure could in practice become too much like a set of requirements.
Andrew Noyes, a spokesman for Facebook, and Samantha Smith, a spokeswoman for Google, declined to comment. Kristin Huguet, an Apple spokeswoman, didn’t immediately respond to a request for comment.
Lieberman said he’s disappointed the changes to his bill haven’t garnered more Republican support, while saying the measure will come before the Senate by the end of this week. He and Collins said they think there are enough votes to bring the bill up for consideration. The Senate’s summer recess starts Aug. 6.
Senate Majority Leader Harry Reid, a Nevada Democrat, said he would be “dumbfounded” if Republicans block Senate debate on the measure. “Unless we do something, it’s not a question if there’s going to be an attack that will be successful,” Reid said. “The only question is when it will be, so that’s why we have to do this.’
Senator John McCain yesterday criticized Reid’s decision to move forward with the cybersecurity measure ahead of a defense authorization bill, which he said is a higher priority. McCain, an Arizona Republican, called the cybersecurity bill ‘‘controversial and flawed.”
“Without significant amendment, the current bill the majority leader intends to push through the Senate has zero chance of passing in the House or ever being signed into law,” McCain said on the Senate floor.
The Republican-controlled House passed a bill in April that would encourage voluntary sharing of cyber threat information between businesses and government without setting standards for critical infrastructure. McCain and seven other Senate Republicans have offered a similar measure.
President Barack Obama last week urged the Senate to pass the Lieberman bill, citing hacker threats to infrastructure such as nuclear-power and water-treatment plants. Obama said information-sharing alone isn’t enough, and threatened to veto any cybersecurity bill that lacks strong privacy protections for consumer data that might be shared.
Neither the revised Lieberman bill nor the House bill will do anything to protect the nation from cyber threats, James Lewis, technology program director at the Center for Strategic and International Studies in Washington, said in an e-mailed statement today.
Cyber threat information-sharing has been tried since President Bill Clinton’s administration in the 1990s and failed to improve security, and there are no incentives sufficient to motivate a company to take voluntary action on cybersecurity, Lewis said.
“Congress does not want to be in the position, after the inevitable cyber disruption, of having to say they did nothing,” Lewis said. “The political solution in this case is to pass inadequate legislation and pretend it will work.”
The Lieberman bill is S. 3414. The House bill is H.R. 3523. The McCain bill is S. 3342.