Sen. Joe Lieberman said on Tuesday he thought a compromise
was in reach on his Cybersecurity Act of 2012 (S. 3414), while that seemed a
distant hope for other bill backers given that Republicans attempted to use the
bill for yet another vote to reverse the president's healthcare law.
Lieberman (Ind-Conn.) said that thanks to the peacemaking
efforts of Senators including Sens. Jon Kyl (R-Ariz.) and Sheldon Whitehouse
(D-R.I.), a chasm had been reduced to a manageable gap that could be bridged.
Sen. Charles Schumer (D-N.Y.) did not appear as sanguine
about the prospects, suggesting Republicans might succeed in blocking action on
Among the key issues separating Republicans and Democrats
are just how voluntary cybersecurity standards will be and how information can
be shared among the private sector and with the government while still
protecting privacy. Lieberman suggested many of those had been addressed in the
compromise bill. "If we build this right, they will come," he said.
Another issue with the bill was both the number -- north of
70 -- and type of amendments. Lieberman said they should be germane, rather
than say on healthcare (Republicans) or gun control (Democrats). "Hold
back these irrelevant amendments," he implored.
Lieberman said he had met Monday with cybersecurity execs
including at Defense and DHS and the FBI, who all said the legislation was
needed to help them prevent a cyberattack threatening critical infrastructure.
He said that without the tools and protections in this bill, it was not a case
of whether that attack would happen, but when.
One of those officials, Commander of U.S. Cyber Command
General Keith Alexander, sent letters to Senate leaders Tuesday expressing his
strong support for the Lieberman bill. "Information sharing alone, however, is
insufficient to address the vulnerabilities to the Nation's core critical
infrastructure," he said.
Sen. Kyl was reportedly working over the week on a
compromise on the issue of voluntary standards. The bill gave federal agencies
the ability to independently codify and enforce those standards, but the latest
Kyl version was said to remove that and put the codification call in the hands
of a cybersecurity council made up of a number of agencies. His office had not
returned a call for comment at presstime.
Lieberman said that Kyl and others had helped reach
compromises that could move the bill forward.
His plan is to introduce the latest version as a manager's
amendment in the form of a substitute. He said he thought there was broad
agreement on a voluntary, collaborative partnership that allowed for info
sharing while still protecting privacy, provided carrots to industry in the
form of liability protection for that sharing in the event of attacks or data
breaches, and was a totally voluntary system. He said another carrot would be
avoiding Congress' mandating of cybersecurity standards down the line if the
voluntary regime did not work.
"I decided it needed to be voluntary in order to
getting [a bill] passed," he said. "If it doesn't work, and the
threat grows, some future Congress will make it mandatory," he said.
"This is the time for rational thoughtful discussion and legislation that
will begin a process that will go on for years," he said.
He also said that parties outside of Congress could hold
fast to their positions, but that they had to get something done.
The National Cable and Telecommunications Association
supports the Republican version of a Senate cybersecurity bill, the SECURE IT
Act, which focuses on information sharing. Cable operators are concerned about
government cybersecurity standards if they become mandatory directives that
would reduce their flexibility to respond to attacks.