The US Senate has rejected a procedural motion to move forward the Cybersecurity Act of 2012, co-sponsored by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine), by a vote of 51-47. In a crowded field of cybersecurity proposals in 2012, the Lieberman-Collins bill was widely seen as the last chance for the Senate to pass cybersecurity legislation this year.
Avoiding objections among civil liberty groups to proposals for a military-led federal cybersecurity effort, headed by the NSA, the Cybersecurity Act taps the civilian Department of Homeland Security as the lead federal cybersecurity agency. The most comprehensive bill put before Congress, the Cybersecurity Act embraces a dual approach to cybersecurity, facilitating information sharing between private actors and the government and granting DHS authority to issue security standards for industry sectors designated as “critical infrastructure.” Also included in the bill are grants and other support for research, education and cybersecurity awareness programs.
Republican senators blocked the Cybersecurity Act in August over concerns that the minimum security standards would create unnecessary and burdensome new regulations, which were strongly opposed by the powerful U.S. Chamber of Commerce pro-business lobby, as well as interest groups representing nearly every sector of our economy. Republicans also questioned the ability of the DHS to develop an effective regulatory regime that provided enough flexibility as to not stifle innovation. Republicans and the Chamber favored the Secure IT Act, introduced by Sen. John McCain (R-Arizona), which focused on an information sharing regime that offered incentives and liability protections for the private sector to share cyber threat information amongst themselves and the federal government.
President Obama expressed support for the Leiberman-Collins bill. Rumors of an executive order implementing much of the Cybersecurity Act through existing agency authority have persisted since the Cybersecurity Act’s August stumble. After this final blow to cybersecurity legislation in 2012, it is unclear whether the President will act now or wait for the 113th Congress to convene in January. Stay tuned for further developments.