WASHINGTON — Sen. Harry Reid (D-Nev.) says he will bring up cybersecurity legislation during the lame-duck session following the Nov. 6 election, but signaled that does not mean the White House should back away from its potential executive order establishing baseline cybersecurity standards.
October is National Cybersecurity Month, so if the president is following through with a mandate, it could be timed for release in the next week or so.
“I will bring cybersecurity legislation back to the Senate floor when Congress returns in November,” Reid, the Senate Majority Leader, said last week. “My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill.”
Cable operators support legislation to make it easier to share information on threats to cybersecurity, including liability protections for those who do the sharing. But they have concerns that establishing what the White House and Democratic backers of the Cybersecurity Act of 2012 say will be voluntary standards will morph into government mandates that reduce Internet service providers’ flexibility to respond to evolving threats in real time.
Reid seconded a warning sounded two weeks ago by Defense Secretary Leon Panetta, who warned in a speech that legislation was needed to prevent a potential 9/11- like cyberattack.
“A cyberattack could cripple our economy and infrastructure, sow chaos and cost lives,” he said in announcing the renewed legislative effort. “We know what tools our national security community needs — but in sadly predictable fashion, Senate Republicans are blocking a comprehensive cybersecurity bill that would make those tools available.”
The Cybersecurity Act of 2012 focuses on establishing minimum standards for critical infrastructure protection, while a Republican version, the SECURE IT Act, which is more to the cable industry’s liking, focuses on information-sharing.
The two sides agree there is a cyberthreat from nation states, hackers and hacktivists, but could not agree on a compromise between the two bills.
President Obama’s executive order is expected to follow the outlines of the Democratic bill, which he supported during the summer battle over cybersecurity bills. Reid did not suggest that effort should be superseded by the lame duck attempt to pass a bill, though, like Panetta, he said legislation was the best answer.
A telecom lobbyist speaking on background saw Reid’s pledge as cover for the president’s order, rather than as a suggestion he was ready to compromise on legislation.
“The question is, is Reid saying that for political cover to give the White House the ability to move forward on the executive order by bringing up the same bill that didn’t pass muster in the Senate, or is he really serious about negotiating with Republicans to try to find common ground?” the lobbyist asked. “Many people think it is the first.”