The U.S. Senate on Thursday voted against moving forward on the Cybersecurity Act of 2012, ending the bill's chances at final passage. The final blow came despite U.S. President Barack Obama's statements saying the legislation would help the U.S. fight "the cyber threat to our nation," which he called "one of the most serious economic and national security challenges we face."
Senate Republicans succeeded to stop a desperate attempt by Senate Democrats to force a final vote on the measure. 60 votes were required under Senate rules, but the final tally was 52 to 46, largely along party lines.
The Cybersecurity Act of 2012 (PDF), first introduced in February 2012, set cyber security standards for critical infrastructure, and gave legal immunity to companies who would meet them. Its main goal was to encourage information sharing on cyber threats between businesses and the U.S. government, giving incentives to companies that adopt the protections against hackers and malware.
The new law would have required the Department of Homeland Security to assess risks and vulnerabilities of computer systems running at critical infrastructure sites. Annual reports from the departments of Justice, Homeland Security, Defense as well as the Intelligence Community Inspectors General, would have to describe what information is received, who gets it, and what is done with it. On the other hand, it also would have given Americans the right to sue the government if it intentionally or willfully violates the law.
Security experts worried private companies wouldn't make upgrades to protect their computer networks without enforceable regulations, while business lobbyists argued regulations would harm many firms. As such, the improved bill included amendments that narrow the definition of what information about cyber threats could be shared between companies and the government. It also said companies would provide cybersecurity information mainly to civilian agencies, as opposed to with military groups.
Today, despite the strong leadership of Senators Reid, Lieberman, Collins, Rockefeller and Feinstein, an overwhelming majority of Senate Republicans blocked consideration of the Cybersecurity Act of 2012, the only comprehensive piece of cybersecurity legislation that would have begun to address vulnerabilities in the nation’s critical infrastructure systems. Senate Republican opposition to this vital national security bill, coupled with the deeply-flawed House information sharing bill that threatens personal privacy while doing nothing to protect the nation’s critical infrastructure, is a profound disappointment. The Administration sent Congress a legislative package in May 2011 that included the new tools needed by our homeland security, law enforcement, intelligence, military and private sector professionals to secure the nation, while including essential safeguards to preserve the privacy rights and civil liberties of our citizens. Since that time, Administration officials have testified at 17 hearings on cybersecurity legislation and presented over 100 briefings, including two all-Member Senate briefings and one all-Member House briefing. Despite the President’s repeated calls for Congress to act on this legislation, and despite pleas from numerous senior national security officials from this Administration and the Bush Administration, the politics of obstructionism, driven by special interest groups seeking to avoid accountability, prevented Congress from passing legislation to better protect our nation from potentially catastrophic cyber-attacks.
The American Civil Liberties Union (ACLU), which has been fighting the bill from the start, is pleased with the latest news. That being said, the organization warns the battle may have been won, but the war is far from over.
"Regardless of today's vote, the issue of cybersecurity is far from dead," ACLU legislative counsel Michelle Richardson said in a statement. "When Congress inevitably picks up this issue again, the privacy amendments in this bill should remain the vanguard for any future bills. We'll continue to work with Congress to make sure that the government's cybersecurity efforts include privacy protections. Cybersecurity and our online privacy should not be a zero sum game."
The Information Technology Industry Council (ITI) was meanwhile quite disappointed with the news. "The Senate vote is a reminder that we have a long way still to go," Dean Garfield, ITI's president and chief executive, said in a statement. "We hope that, despite this setback, Senators will continue to work with stakeholders and reach agreement on a proposal that embraces security innovation as the best way to counter the threats we all know are out there. Any effort must recognize the critical importance of private-sector leadership for information and communications technology innovation, increased information sharing, and a risk-management approach."