Lawmakers to consider new compromise cybersecurity bill before defense budget

Several top lawmakers in a July 24 press briefing on Capitol Hill announced a new deal on cybersecurity legislation, and are expected to take up the compromise bill by the end of the week given the urgency of preventing a “cyber 9/11.”

Senate Majority Leader Harry Reid (D-Nev.) has reportedly said the cybersecurity bill will be next up for consideration on the floor, a move that drew criticism from Sen. John McCain (R-Ariz.) earlier in the week.

McCain blasted the decision to consider the cybersecurity bill ahead of the waiting defense authorization bill, but at the press conference, Sen. Joe Lieberman (I-Conn.) defended the move.

“In terms of urgency, I believe the cybersecurity bill is more urgent,” Lieberman said. “We’re not imagining this threat. We’re being attacked through cyberspace every day. The reality is a lot of the private companies that own critical cyber infrastructure are doing a good job in defending that cyber infrastructure and our country, but a lot of them are not.”

The compromise bill contains amendments to the bipartisan Cybersecurity Act of 2012, which Lieberman introduced. The amendments are intended to address some of the concerns of Republicans, who have introduced separate cybersecurity legislation featuring a more hands-off approach. 

“This bipartisan bill is the result of compromise,” Lieberman said at the briefing, where he was flanked by four other bill co-sponsors. “We co-sponsors, to be blunt, gave up some things that we thought were important in our original bill, but given the urgency and seriousness of the cyber threat to our country, we thought it was more important to move forward with a bill that we’re confident will significantly strengthen our cybersecurity.”

The senators at the press briefing said the new bill is lighter on regulatory mandates that would have come from the Homeland Security Department, and instead focuses more on incentives, such as liability protection, for businesses – including those managing critical infrastructure – that participate.

“Instead of sticks, we’re using carrots,” said Sen. Tom Carper (D-Del.), who highlighted the bill’s emphasis on public-private partnership while cautioning that this bill “is not the finish line.”

Carper said the bill includes framework for sharing cyber threat information between the private sector and government, and also includes security measures such as plans for replacing outdated paper-based security practices with more agile, real-time systems that continuously monitor networks and assets.

Additionally, there are provisions for investment in cybersecurity training and educational programs for the next-generation working class, as well as prioritized research and development in cyber technology, Carper noted.

"This is the best chance to pass a cybersecurity bill this year, which should be a priority for all of us,” said Sen. Susan Collins (R-Maine), who expressed confidence that the changes to the bill would likely garner enough GOP votes to push the bill through.