The United States Senate failed to pass legislation prior to the August recess that would have established security standards to prevent large-scale cyber attacks on the nation’s critical infrastructure, despite strong endorsements from top military and national security officials. The bill, known officially as the Cybersecurity Act of 2012 (S. 3414), but more commonly referred to as Lieberman-Collins, was intended to reduce cyber attacks through annual reports and regulations carried out by the National Research Council, Federal Bureau of Investigation and the Departments of State, Homeland Security and Defense.
In the hopes of moving the bill forward, Senators Lieberman and Collins agreed to soften the proposal by making stricter security standards voluntary, rather than mandatory, for the large private firms that control most of the nation’s infrastructure. Even so, Senators voted 52 to 46 in support of the bill, coming up short of the 60 votes necessary to advance the bill to final passage.
Failure to pass the measure further delays years of bipartisan efforts to establish stricter security standards. "Rarely have I been so disappointed in the Senate's failure to come to grips with a threat to our country that is all these officials have warned us, over and over again, is urgent and must be addressed now," said an impassioned Senator Susan Collins (R-ME) on the floor before the vote. "Not maybe in September, not possibly by the end of the year, not in the next Congress - but now."
Republican critics of the bill maintained that any cybersecurity standards, whether mandatory or voluntary, would place a financial strain on private companies and that government intervention isn’t necessary on this issue. Furthermore, the Senate proposal would need to be reconciled with a House bill that lacks any mention of standards and that focuses instead on the exchange of cyberthreat data between industry and government.
The outcome dealt a significant blow to bill sponsors and the White House that could mean yet another year will pass in which Congress couldn't find consensus on the issue. While Senate Majority Leader Harry Reid (R-NV) pulled his vote at the end, a move that allows him to retry the vote when Congress returns in September, it is unlikely that any legislation aimed at cybersecurity reform will be passed before the November election.
Had it passed, the measure would have created a set of voluntary security standards for private sector owners of the most vital digital infrastructure, and rewarded businesses that met them with liability protections and other incentives. In the interim, the Obama Administration is proposing to do what it can to bolster cybersecurity absent further congressional action.
“One of the things we need to do in the executive branch is see what we can do to maybe put additional guidelines and policies in place under executive branch authorities,” John O. Brennan, Obama’s top counterterrorism and homeland security adviser, said in a speech at the Council on Foreign Relations this week. “If the Congress is not going to act on something like this, the president wants to make sure we’re doing everything possible.”
“The consequences are, we’re not going to have the enhanced authorities and capabilities in the U.S. government to deal with an increasingly serious cyber challenge to our nation and critical infrastructure,” Brennan said. “President Obama has told us after Collins-Lieberman didn’t go forward to keep at it and keep pushing, and we are going to keep pushing. We’ll keep pushing on the Congress, but we’ll also do what we can with executive branch authorities.”