A bipartisan group of Senators last week introduced a new version of their cybersecurity legislation, the Cybersecurity Act of 2012 (“CSA 2012”), in an effort to secure enough votes for passage. The bill, the origin of which dates back to February, represents a compromise and possible best bet for passing comprehensive legislation this year to address the issue of protecting our nation’s critical infrastructure from the increasing threat of cyber attacks. Homeland Security Committee Chairman Joe Lieberman (I-CT) and Ranking Member Susan Collins (R-ME), who are among the bill’s sponsors, expressed optimism that the bill could be considered on the floor as early as this week.
CSA 2012 would create an interagency body, the National Cybersecurity Council (the “Council”), which would be chaired by the Department of Homeland Security and include members from the Departments of Defense, Commerce, Justice, and the Intelligence Community, sector-specific Federal agencies, and Federal agencies with responsibility for regulating the security of covered critical infrastructure. A public-private partnership would be established, with industry developing cybersecurity practices and the Council ensuring the adequacy of those practices. The bill implements a “carrot” approach to the adoption of standards, rewarding private business owners who choose to participate in the voluntary program with benefits such as certain liability protections and receipt of relevant real-time cyber threat information.
Senator Lieberman conceded that the original bill was stronger, as it included mandatory standards as opposed to voluntary ones, but suggested that, if it doesn’t work, a future Congress can always revisit the issue. Senate Republicans considered the regulatory mandates on businesses to be the most objectionable provisions in previous versions of the legislation. Senator Lieberman’s desire to compromise is clearly being fueled by a sense of urgency in addressing the issue of cybersecurity. He remarked in a statement released upon the bill’s introduction that “we must respond with speed and resolve to a threat that will only increase.” Senator Collins said that the bill introduced represented the Senate’s “best chance” at passing cyber security legislation this year.
Despite the optimism expressed by some Members, its fate remains uncertain. Senator John McCain (R-AZ), the sponsor of a Republican alternative proposal, objects to Senate Majority Leader Harry Reid’s (D-NV) plan to bring the bill to the Senate floor via an expedited process that skips over approval at the committee level. When asked during a press conference yesterday whether he had the sixty votes necessary to bring the bill to the floor, Majority Leader Reid responded that he didn’t know, but that “we have to move on this.”