Co-sponsors of a Senate cybersecurity bill ( S. 3414,) say the U.S. Chamber of Commerce mischaracterized their bill and add they are "baffled" by the chamber's opposition to it. The Chamber maintains it still supports cybersecurity legislation, just not the one those senators have proposed.
The Senate is scheduled to vote to start taking up S.3414, later today (July 30).
In a letter to the Chamber, Senate Commerce Committee Chairman Jay Rockefeller (D-W. Va.) characterized their bill as voluntary and incentive-based, as the Chamber itself championed. "We have moved to a voluntary approach after extensive discussion with your organization, other private companies, and other members of the Senate."
The Chamber sent a letter last week to key members of the Senate expressing their concerns with the bill and their support for a Republican alternative, the SECURE IT Act.
While the bill may not make cybersecurity standards mandatory, it does give federal agencies like the FCC the authority to mandate the standards and requires agencies who have not done so within a year to explain why. That language has led to the suggestion by bill opponents that the standards are voluntary in name only.
Rockefeller and company say they met with chamber representatives Friday--the date on the Senators' letter--and have solicited input on specific legislative text.
The bill's sponsors say they have already weakened the bill to try and get support from its critics, primarily Republicans who want the bill to me mostly about information sharing and industry protections from liability for that sharing.
The chamber argues that the bill was rushed to the floor without a markup or hearing--a criticism Senator John McCain (R-Ariz.) made last week in pushing his bill, the SECURE IT Act, which focuses on information sharing and is similar to a bill already passed in the House.
"The criticisms of our positions are little more than a distraction from central issues not addressed by S. 3414. First, public policy should help businesses battle sophisticated cyber threats," says Chamber spokesman Bobby Maldonado. "One immediate way to do this is through passing information-sharing legislation, such as SECURE IT and CISPA, which clearly incentivizes businesses to disclose cyber threat information that would benefit their peers and the government. Second, if Congress wants to encourage businesses to enhance their cybersecurity for the public good, which is a worthy goal, then it should offer businesses some legitimate carrots-and not use incentives as a thinly veiled way to regulate the business community."