Hopes fade for new US cybersecurity law in 2012

Aug 02, 2012, 3:32 PM EDT
Richard Clarke, the White House's senior cybersecurity adviser, speaks at the unveils the administration cyberspace security policy in Stanford, Calif., Wednesday, Sept. 18, 2002. The nation's cybersecurity woes are best addressed by educating users so they can assess risks and by letting market forces --not government mandates --fix problems, according to his report
(AP Photo/Paul Sakuma)

* Senate fails to advance bill, with time running out

* Conflicts over privacy, regulation persist

By Jasmin Melvin

WASHINGTON, Aug 2 (Reuters) - Despite growing concerns of the threat of cyber attacks, chances of a new U.S. cybersecurity law passing this year faded Thursday as Senate Republicans blocked a bill that would let the government and companies share information about attacks on computer networks.

The measure had been viewed as one of the few that might draw enough bipartisan support to get through the largely deadlocked Congress. Experts say there is an urgent need to address vulnerabilities of government and private systems controlling everything from highway traffic to financial services.

But the Senate mustered just 52 of the 60 votes needed in the 100-member body to advance the bill to a final vote, effectively sidelining it.

Business groups including the U.S. Chamber of Commerce complained that the bill would bring government over-regulation, and some Republicans wanted more opportunity to push amendments. Privacy groups and some Democrats were concerned about the potential for Internet eavesdropping in the legislation.

The White House blasted Senate Republicans for blocking the bill.

"The politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better protect our nation from potentially catastrophic cyber-attacks," White House Press Secretary Jay Carney said in a statement.

There is still a slim chance for passage before January, when the current Congress ends. But with the session winding down ahead of the Nov. 6 congressional and presidential elections and lawmakers at odds over partisan issues of taxes and spending, cybersecurity may fall by the way.

The House of Representatives passed a narrower version in April, and the Senate bill needed to pass this week to give lawmakers from both chambers time to informally broker a deal on final legislation during the August recess, said Stewart Baker, a former senior official at the Department of Homeland Security and now a cybersecurity expert at the law firm Steptoe and Johnson.

The House version would allow companies and the government to share information about hacking. The current version of the Senate bill took a broader approach that would also create a set of voluntary cybersecurity standards for companies in charge of U.S. energy, water, transportation and other critical infrastructure.


The U.S. Chamber has said it was concerned the voluntary system of cybersecurity best practices could become a mandatory regulatory scheme imposed on businesses.

"(Congress) should offer businesses some legitimate carrots - and not use incentives as a thinly veiled way to regulate the business community," said Matthew Eggers, senior director of National Security and Emergency Preparedness at the U.S. Chamber.

Senate Majority Leader Harry Reid accused Republicans of bowing to the Chamber's will.

"It's obvious," the Democrat said, that until Republicans "get a sign off from the Chamber of Commerce, nothing will happen on one of the most important security interests this country has faced in generations."

Reid said he tried to push the bill to a final vote to keep Republicans from demanding votes on unrelated amendments, such as the repeal of the healthcare overhaul.

But Senate Republican leader Mitch McConnell said Democrats had tried to ram the cybersecurity bill through without adequate review.

"Look: this is a big, complicated, far-reaching bill that involves several committees of jurisdiction. Democrat leaders haven't allowed any of these committees to improve the bill or even vote on it," McConnell said.

"We descended once again to gridlock, to partisan attack and counter attack. We will leave our country vulnerable," said Senator Joe Lieberman, an Independent and a lead sponsor of the bill.

Cyber threats to the country's electric grid, water supply and other critical infrastructure, as well as pressure from constituents, could motivate senators to consider the bill again in early September when Congress returns from the recess, lawmakers and experts said.

Republican Senator Kay Bailey Hutchison told reporters a bill should be assembled from an "amalgam" of ideas from this and two other bills already offered. She said she hoped Reid would schedule such a bill to come to the floor in September.

"You don't want to have to wait until you get some kind of negative cyber activity that's in the news," said Tom Davis, a former congressman who wrote a 2002 law that required federal agencies to develop a plan for information security.

Ahead of the elections, the House is scheduled to be in session for eight days in September and a week in October, raising the question of whether such a complex issue can be tackled with only days to bring it to a vote.

Congress also is expected to hold a post-election "lame duck" session, but that is expected to be crowded with tax and budget issues.

"There's no denying that this is their last good chance to get something done as we get into election season," said Matt Wood, policy director for the public interest group Free Press.

Delaying into next year could mean new players, new congressional committee chairmen and possibly a new presidential administration, particularly as the current chairman of the key committee on the bill, Lieberman, is retiring.

"If the bill doesn't pass this year, there's a possibility that there would be substantial changes in the legislation next year because the lead Senate sponsor is retiring," said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy & Technology.