Senate Fails to Advance Cybersecurity Bill

Majority Leader Harry Reid., D-Nev., again slammed the U.S. Chamber of Commerce for its opposition to the bill. In a floor speech before the vote, he said: “The Chamber of Commerce does not support this legislation and that’s why the Republicans are running like scared cats. … I am disappointed that nothing will happen on one of the most important security risks this country has faced in a generation,” he said.

Five Democrats voted against cloture, including Reid, who immediately moved to reconsider the bill in a procedural move that keeps S-3414 on the Senate calendar. The other Democrats voting against the bill were Sens. Max Baucus, Mont.; Robert Menedez, N.J.; Jon Tester, Mont.; and Ron Wyden, Ore. Tester told us following the vote the bill “reminded [him] a lot of the PATRIOT Act,” meaning “too much government, too many new rules, too much intervention for regular folks.”

Sen. Joe Lieberman, I-Conn., told us he worked with Wyden but was unable to alleviate his concerns about the privacy implications of the bill. The bill could have permitted telecommunications companies to voluntarily share threat information and data with the Department of Homeland Security that could be subsequently shared with the National Security Agency and Department of Defense. Wyden previously advocated language to strengthen the privacy protections of the bill and introduced three amendments, including one that would require a warrant for the agencies to monitor citizens’ mobile devices.

The U.S. Chamber of Commerce stood firm in its opposition to the bill, which it said would give the federal government too much control over what actions the business community could take to protect its computers and networks. “Businesses need concrete certainty that they would have an equal voice over the direction of the program and that the program would be responsive and dynamic, just like the Internet itself,” said Ann Beauchesne, vice president-national security and emergency preparedness at the Chamber. “The sponsors have done the right thing to incentivize the private sector to join the cybersecurity program by offering limited liability protections to critical infrastructure entities, but the protections need to be strengthened and extended to any private-sector participant that opts in,” she said in a statement.

The lead authors of the bill, Sens. Lieberman and Susan Collins, R-Maine, expressed their frustrations during a press conference after the vote. “What broke down in this case, it’s standard stuff, failure to compromise,” Lieberman told reporters. “This is a moment of disappointment that I cannot conceal.” Collins said: “It is incomprehensible to me that we would not proceed to this bill. There certainly is plenty of blame to go around but I believe with good faith on both sides we could have completed action on this issue.”

Sponsors said they'll continue work to advance the bill and noted that Reid’s vote would keep the bill alive. “Sen. Reid feels that this is so important a national security matter that he is not going to close the door on it until the door closes on this session,” Lieberman said. “Maybe this is a time to cool our jets, this is not a time to turn them off,” said Sen. Tom Carper, D-Del., who also sponsored the bill.

The White House separately denounced GOP members for opposing the bill. “Senate Republican opposition to this vital national security bill, coupled with the deeply-flawed House information sharing bill that threatens personal privacy while doing nothing to protect the nation’s critical infrastructure, is a profound disappointment,” the administration said by email. “Despite the president’s repeated calls for Congress to act on this legislation, and despite pleas from numerous senior national security officials from this administration and the Bush administration, the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better protect our nation from potentially catastrophic cyber-attacks.”

"Not passing a [cybersecurity] bill is certainly not an option,” said Senate Minority Leader Mitch McConnell, R-Ky. “This bill will be back because it must be back,” he told reporters after the vote. “The vote today is not the end of the discussion but rather the beginning of the discussion.” McConnell criticized the process by which the bill’s sponsors offered and introduced S-3414. “This bill backed right up against a recess, never went through a committee, no amendments were allowed and we decided, appropriately given the complexity and the number of members who have interest and expertise on this issue, to not finish it today,” he said.

Sen. Kay Bailey Hutchison, R-Texas, denounced in a press conference what she called the “regulatory” bill that would have been counterproductive to securing the nation’s critical infrastructure. The bill is “not one that will achieve the purpose that all of us want which is to have a private sector way to share information and receive information in an efficient way that will determine if there are cyberthreats or cyberattacks and help protect other infrastructure,” she said.

House Cybersecurity Task Force Chairman Mac Thornberry, R-Texas, urged the Senate to vote on the four House-passed cybersecurity bills in order to “help protect the nation.” In May the House passed the Cyber Intelligence Sharing and Protection Act (CISPA) (HR-3523), the Federal Information Security Amendments Act (HR-4257), the Cybersecurity Enhancement Act (HR-2096), and the Advancing America’s Networking and Information Technology Research and Development (NITRD) Act (HR-3834). Thornberry said in an emailed statement it may be possible to “borrow some of the Senate privacy provisions to strengthen the House bills even further."

CISPA co-sponsor Rep. Dutch Ruppersberger, D-Md., said in an emailed statement the Senate’s failure to act on cybersecurity is “incredibly disappointing.” This “should not be the end of the line for cyber security legislation in this Congress,” he said. “I urge the Senate to regroup, focus on areas where there is agreement, and pass cyber security legislation that our country so critically needs.” Rep. Adam Schiff, D-Calif., also urged in a separate statement that senators take up the bill before America’s adversaries “take advantage of our delay and the damage is devastating.”

The Center for Democracy & Technology was “very pleased with the progress that had been made to improve the information sharing language” in S-3414, said Gregory Nojeim, director of the group’s Project on Freedom, Security & Technology. Gen. Keith Alexander’s concession that his National Security Agency doesn’t need to be the “focal point” of information sharing was also encouraging, Nojeim said: Legislation that empowers private-sector entities to share information with each other “would be the most effective in securing networks and pose the lowest risk to civil liberties.” TechAmerica is “ultimately disappointed in the failure” of senators to compromise on cybersecurity legislation before the August recess despite “feverishly” working toward consensus, said President Shawn Osborne. Senators should nonetheless “work together during August to come to consensus and return in September to pass” legislation that preserves “the vitality of innovation” and promotes the information and communications technology sector’s “ability to respond to constantly evolving cyberthreats while addressing the critical threats to our nation’s cybersecurity,” he said.