It’s not a matter of whether a catastrophic cyberattack will happen, but when. That’s the message Senate backers of broad cybersecurity legislation repeated over and over on Tuesday as they sought to highlight what they see as the danger of inaction.
Experts differ on the likelihood of a truly disastrous cyberattack or cyberwar, but lawmakers have latched onto the worst-case scenarios to try to sell legislation designed to head off such attacks, as well as the kind of cybercrime that happens every day.
“We’re not offering this proposal in a vacuum,” Senate Homeland Security Chairman Joe Lieberman, ID-Conn., told reporters on Tuesday. “We are responding to a very serious situation. The danger to the United States is clear, present, and growing.”
Lieberman and his fellow sponsors of the Cybersecurity Act of 2012 are trying to round up enough votes to send the bill to the House. But first, the bill has to overcome opposition from some Republicans who say the bill isn’t ready for prime time.
That fight will play out as soon as Wednesday as the Senate debates a procedural motion to proceed with debate on the bill.
Senate Armed Services ranking member John McCain, R-Ariz., a longtime critic of the Cybersecurity Act, says the Senate is rushing to debate a bill that still contains too many government regulations.
Senate Majority Leader Harry Reid, D-Nev., rejected that argument on Tuesday, but he admitted that it's still not clear if the bill has the 60 votes needed to overcome a filibuster. Democrats seem to have coalesced behind the bill, but Reid said he will be “dumbfounded” if Republicans don’t vote to proceed with the bill.
Lieberman and other sponsors introduced compromise language last week designed to win support from businesses and Republicans. Instead of allowing the Homeland Security Department to develop and enforce mandatory cybersecurity standards for certain critical networks, as proposed by the White House and included in the original bill, the revised proposal relies on incentives such as liability protection and prioritized technical assistance to help goad businesses into adopting voluntary standards.
But those changes did little to sway vocal critics like McCain, and supporters of mandatory standards accused the sponsors of giving up too quickly. Even Senate Minority Whip Jon Kyl, R-Ariz., whose ideas were among those included in the compromise language, told National Journal Daily that he doesn’t think the bill is ready. “There’s nothing resolved yet,” he said.
But Senate Homeland Security and Governmental Affairs ranking member Susan Collins of Maine, the bill’s lone Republican sponsor, said she’s convinced the changes will at least allow the Senate to move ahead with the debate.
“This represents the best chance to pass a cybersecurity bill this year,” she said. “The headlines and the data make clear we have already waited too long to address this threat.”
The bill has been stalled for months as the Senate has wrangled over other issues and supporters sought to overcome concerns about standards as well as fears that proposals to share more information between businesses and government could undermine privacy.
The bill has the support of President Obama, who has called for its passage, but its chances are less clear in the House, which has passed its own cybersecurity proposals. Still, Lieberman says that if the Senate can pass his bill, he thinks it will have a good chance of success in conference.
In addition to creating a system for voluntary security standards, the Cybersecurity Act would encourage businesses and government agencies to share cyberthreat information with each other, update federal network security by requiring agencies to continuously monitor their systems, and boost measures to train and recruit cybersecurity professionals.