With an already full schedule and no clear path forward for compromise, there is not much optimism that Congress will pass a cybersecurity bill this year, regardless of the outcome of the election. Senate Homeland Security Committee Chairman Joe Lieberman (I-CT), for whom passing a comprehensive cybersecurity measure is a major priority, recently conceded that legislation has a less than 50-50 shot of passing during the lame duck session. Senator Lieberman will be retiring at the end of this Congress and so the lame duck also represents his last shot at addressing the issue.
Cybersecurity legislation offered by Lieberman and Homeland Security Committee Ranking Member Susan Collins (R-ME), the Cybersecurity Act of 2012, came up short of the 60 votes needed for passage just before Congress broke for the August recess. The bill represented a compromise from the version as introduced, making security standards for businesses voluntary instead of mandatory - a point that was a non-starter for many Republicans and business groups. Republicans have expressed interest in moving forward with consensus legislation, but differences remain on what that should entail.
In lieu of Congressional action on cybersecurity, President Obama has suggested that he will seek to address the issue through an executive order. The President has called cyber threats “one of the most serious economic and national security challenges we face as a nation.” President Obama issued a proclamation this week making October “National Cybersecurity Awareness Month,” a move without much in the way of actual implications, but that seeks to highlight the issue. The White House first began to draft an executive order after the Senate failed to pass the Cybersecurity Act, which was viewed as the best hope of addressing the issue this year. The draft is reported to include many provisions from the Cybersecurity Act, including, voluntary standards for private companies, protections placed on vital infrastructure systems, and the creation of a Homeland Security Department council with representatives from various departments to assess and report on cyber security issues.
Earlier this week several Republican Senators sent a letter to the President urging him to work with Congress on cybersecurity legislation rather than “act unilaterally through an Executive Order.” The Senators expressed concern that an executive order would only serve to solidify the present divide among stakeholders. Senator Collins, one of the six senators on the letter, earlier this week called the executive order a “big mistake”, stating that the order “can’t grant the liability protections that are needed in order to encourage more participation by the private sector, so the executive order simply cannot accomplish what legislation can.”