Senate to Vote on Cybersecurity in Lame Duck, Reid Says
Majority Leader Harry Reid, D-Nev., will again bring cybersecurity legislation to the Senate floor when Congress returns in November after the election. The move follows a GOP rallying cry to let Congress handle cybersecurity rather than President Barack Obama issuing a cybersecurity executive order, which is in draft form (CD Oct 3 p13). Bringing cybersecurity to a vote also gives Congress another chance to hash out a compromise on the issue, a Senate aide said. But a former Department of Homeland Security (DHS) official during George W. Bush’s presidency said Reid’s move may not be a sincere attempt to get a new deal. Obama is right to “examine all means at his disposal” for confronting cyberthreats, Reid said in a news release Saturday.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Reid again blamed GOP members for blocking the Senate Cybersecurity Act in August and urged them to end their “Tea Party-motivated obstruction” of S-3414. “My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill,” he said. Though senators voted 52-46 against cloture on S-3414 in August, Reid was able to keep the bill on the Senate calendar by voting against cloture and immediately moving to reconsider the bill. Five other Democrats voted against the bill: Sens. Max Baucus and Jon Tester, both of Montana; Oregon’s Ron Wyden and Jeff Merkley; and Mark Pryor of Arkansas. They did not comment.
Reid’s lame-duck plan gives Republicans “a chance to step up and actually spend some time protecting our national security,” said a spokesman for Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va. “At the end of July when the bill was on the floor, we were asking for a list of 10 amendments from the GOP to keep moving on the floor but never received a list,” the spokesman said. “I think that’s the first step to have any meaningful action in the lame duck.” None of the sponsors of the GOP-backed SECURE IT Act (S-2151) would comment.
Sen. Joe Lieberman, I-Conn., commended Reid’s decision and reaffirmed his desire to develop basic cybersecurity standards for businesses. “The need to establish minimum security standards to protect our most important cyber systems cannot be overstated,” said Lieberman, who authored S-3414. “I appeal to our colleagues in the Senate and outside groups such as the U.S. Chamber of Commerce, who have opposed cybersecurity legislation, to come to the negotiating table in the spirit of compromise so that together we can act to protect our country from cyber attack before it is too late.”
The Chamber remains a firm opponent of the Senate Cybersecurity Act, said Ann Beauchesne, the group’s vice president of national security and emergency preparedness. “There are several elements that our members disagree with, but we are committed to finding a solution.” In August, the business lobbying group opposed S-3414 because it said the bill would give the federal government too much control over what actions the business community could take to protect its computers and networks (CD Aug 3 p3).
For the Chamber to support S-3414, the bill would have to “adequately address” the group’s desire for liability protections that protect the sharing of cyberthreat information between government and the business community, a Chamber spokeswoman said. She said the legislation cannot include any cybersecurity regulations for businesses, which the Chamber said would shift businesses’ resources toward meeting government mandates. The Chamber supports the SECURE IT Act, and the House-passed Cyber Intelligence Sharing and Protection Act, HR-3523, which contain no cybersecurity guidelines for businesses.
Senate Minority Leader Mitch McConnell, R-Ky., and the Chamber “teamed up months ago” to sink the bill, Rockefeller’s spokesman said: They “knew they wouldn’t let the Senate actually debate, but had to pretend that they were giving these urgent cyber threats ’thoughtful’ consideration.” As a result Rockefeller asked CEOs from the nation’s top 500 companies to detail their thoughts on corporate cybersecurity practices, in letters sent last month (CD Sept 20 p8). Rockefeller sent the letters because “he had a feeling the Chamber wasn’t accurately representing all of their member companies and we've seen some of that in the responses,” his spokesman said. Rockefeller is reviewing the letters and his spokesman wouldn’t say if the responses will be released. Sen. Tom Carper, D-Del., and colleagues have tried to move S-3414 forward “a number of times and remain ready and willing to negotiate about additional changes needed to address concerns with the current legislation,” he said in an email Monday.
Ex-DHS Assistant Secretary Stewart Baker said he’s skeptical that lawmakers would be able to agree on a path forward on cybersecurity during the lame-duck Congress. “The dynamics of the lame duck depend entirely on the outcome of the election,” he said by email. “But the Majority Leader’s statement didn’t exactly look like an olive branch to the Republicans, so I'm not sure that the dynamic will change.”