Sen. Lieberman Implores Senate to Pass Cybersecurity Bill


Sen. Joe Lieberman said on Tuesday he thought a compromise was in reach on his Cybersecurity Act of 2012 (S. 3414), while that seemed a distant hope for other bill backers given that Republicans attempted to use the bill for yet another vote to reverse the president's healthcare law.

Lieberman (Ind-Conn.) said that thanks to the peacemaking efforts of Senators including Sens. Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.), a chasm had been reduced to a manageable gap that could be bridged.

Sen. Charles Schumer (D-N.Y.) did not appear as sanguine about the prospects, suggesting Republicans might succeed in blocking action on the bill.

Among the key issues separating Republicans and Democrats are just how voluntary cybersecurity standards will be and how information can be shared among the private sector and with the government while still protecting privacy. Lieberman suggested many of those had been addressed in the compromise bill. "If we build this right, they will come," he said.

Another issue with the bill was both the number -- north of 70 -- and type of amendments. Lieberman said they should be germane, rather than say on healthcare (Republicans) or gun control (Democrats). "Hold back these irrelevant amendments," he implored.

Lieberman said he had met Monday with cybersecurity execs including at Defense and DHS and the FBI, who all said the legislation was needed to help them prevent a cyberattack threatening critical infrastructure. He said that without the tools and protections in this bill, it was not a case of whether that attack would happen, but when.

One of those officials, Commander of U.S. Cyber Command General Keith Alexander, sent letters to Senate leaders Tuesday expressing his strong support for the Lieberman bill. "Information sharing alone, however, is insufficient to address the vulnerabilities to the Nation's core critical infrastructure," he said.

Sen. Kyl was reportedly working over the week on a compromise on the issue of voluntary standards. The bill gave federal agencies the ability to independently codify and enforce those standards, but the latest Kyl version was said to remove that and put the codification call in the hands of a cybersecurity council made up of a number of agencies. His office had not returned a call for comment at presstime.

Lieberman said that Kyl and others had helped reach compromises that could move the bill forward.

His plan is to introduce the latest version as a manager's amendment in the form of a substitute. He said he thought there was broad agreement on a voluntary, collaborative partnership that allowed for info sharing while still protecting privacy, provided carrots to industry in the form of liability protection for that sharing in the event of attacks or data breaches, and was a totally voluntary system. He said another carrot would be avoiding Congress' mandating of cybersecurity standards down the line if the voluntary regime did not work.

"I decided it needed to be voluntary in order to getting [a bill] passed," he said. "If it doesn't work, and the threat grows, some future Congress will make it mandatory," he said. "This is the time for rational thoughtful discussion and legislation that will begin a process that will go on for years," he said.

He also said that parties outside of Congress could hold fast to their positions, but that they had to get something done.

NCTA supports the Republican version of a Senate cybersecurity bill, the SECURE IT Act, which focuses on information sharing. Cable operators are concerned about government cybersecurity standards if they become mandatory directives that would reduce their flexibility to respond to attacks.