Sen. Joseph Lieberman, I-Conn., said he expects the Senate to begin debate on the Cybersecurity Act this week. (Getty Images)
Two leading senators expect the Senate will move forward later this week with cybersecurity legislation that would reward critical infrastructure owners who meet voluntary security standards.
Sen. Joseph Lieberman, I-Conn., said at a news conference Tuesday he is confident there is enough support in the Senate to at least begin debate on the Cybersecurity Act before members leave for their August recess.
Although Sen. Susan Collins, R-Maine, is a co-sponsor of the bill, S. 3414, opposition from her fellow Republicans could hold it up. Sen. John McCain, R-Ariz., this week called on the Senate to delay a vote on the “controversial and flawed” cybersecurity bill. Senate Majority Leader Harry Reid, D-Nev., on Tuesday rejected McCain’s call and urged the Senate to speed debate on the bill.
But Reid told reporters he isn’t sure if enough Republicans will vote to debate the bill.
“I’ve said many, many times, amendments will be allowed that are relevant to this issue,” Reid said. “There’s no reason we can’t have a debate on this. So if they’re going to stop this, I am dumbfounded why.”
Under the bill, owners of critical infrastructure — such as dams, energy and water systems — would become eligible for certain benefits if they voluntarily show they meet certain cybersecurity practices through a third-party verification or certification. Those benefits would include liability protections in the event of a cyber attack on their systems, expedited security clearances and priority assistance with cybersecurity issues.
The bill would establish a multiagency council chaired by the secretary of the Department of Homeland Security, which would assess the risks and vulnerabilities of critical systems and work with industry to develop voluntary security practices.
The most critical systems would have to report significant cyber incidents to the government. There are also provisions to permit information sharing about cyber attacks and best practices between the public and private sector.
Sens. Jay Rockefeller, D-W.Va., Dianne Feinstein, D-Calif., and Tom Carper, D-Del., are among the bill’s co-sponsors. Rockefeller and Carper also said at the conference they think the Senate will start debating it soon.
The first iteration of the bill, introduced in February, would have authorized DHS to regulate security standards for privately owned systems it deemed to be the most critical, or those that, if attacked, would cause death, severe economic damage or national security risks. Under that bill, DHS would have worked with industry to set new security standards if none existed. Companies were to decide how to comply with the standards and to self-report annually to DHS to prove they had done so.
Replacing cybersecurity mandates with voluntary security standards, however, has not gained the bill as much support as Lieberman and other top lawmakers had hoped. “It’s disappointing,” he said.
“We have gained enough to mount that first threshold of being able to proceed to the bill,” Collins said. “This measure represents the Senate’s best chance to pass a cybersecurity bill this year, which should be an urgent priority for all of us.”