Senate cybersecurity debate looms, will it happen in July?

Sen. Tom Carper (D-Del.) said that he and Joe Lieberman (I-Conn.), the sponsor of the Cybersecurity Act of 2012, pressed Majority Leader Harry Reid at a luncheon meeting of Senate Democrats this afternoon to move the bill to the floor next month. Appearing later in the day at a cybersecurity policy forum on Capitol Hill, Carper urged attendees to prevail on their representatives to begin consideration of the legislation, which would

[ Related: Cybersecurity Bill Revised to Ease Privacy Concerns ]

Carper cited other recent bipartisan legislative efforts in the Senate that have moved through an open floor debate that invites lawmakers to introduce and debate amendments, including a major reform of the troubled U.S. Postal Service that he co-sponsored.

Cybersecurity Threats Real, But Should Government Get Involved

Cybersecurity has not been an easy area in which to legislate, though it's hardly for lack of trying. As a starting point, there is a rough consensus that the threats are real and that the current legal framework is inadequate to protect critical infrastructure. Lawmakers on both sides of the aisle are receptive to the idea of boosting education and research and development and to facilitating the sharing of information about emerging cyber threats. But consensus has been in short supply when it comes to other more controversial aspects of the debate, such as the proper role of the federal government in protecting critical infrastructure, the vast majority of which is owned and operated by private-sector firms.

Carper described what some senators have dubbed the 80-20 rule, which argues that even lawmakers at opposing ideological poles might agree on 80 percent of the policy proposals for a given issue, and that sensible legislation can emerge if they focus on that portion, rather than deadlock over the 20 percent where their differences are irreconcilable.

He explained that with the postal reform bill, he and his fellow co-sponsors made the argument to Reid that the only way to move on the legislation was to bring it to the floor and open it to amendments, rather than continuing to work behind the scenes to gin up support. He is appealing to the majority leader to take the same approach with cybersecurity.

"I think we're migrating toward the 80-20 rule, and my hope is that will actually lead us to be able to take up the bill on the floor and maybe take it up next month, hopefully take it up next month," he said. "We need to overhaul our cybersecurity laws to address the challenges of cloud computing, mobility and other future technologies, along with the challenges associated with existing technologies."

The Lieberman bill that Carper supports would empower the Department of Homeland Security with new regulatory authorities over private-sector digital infrastructure that was deemed critical, a measure that some Republicans have staunchly opposed. Sen. John McCain (R-Ariz.), a vocal critic of DHS, has authored an alternative bill that would impose no new regulations but instead focus on removing legal barriers that impede businesses and government agencies from sharing information about critical threats.

The new powers for DHS can be expected to be the subject of considerable debate should the measure come to the floor, where various amendments will likely emerge to further limit—or eliminate—the agency's role in overseeing private-sector infrastructure.

Can't Congress Just Get Along

At Tuesday's cybersecurity event, hosted by MeriTalk, an online community devoted to government IT issues, Sen. Scott Brown (R-Mass.) echoed Carper's call for advancing bipartisan cybersecurity legislation.

"Just so you know, there's no—all you Democrats in here, there's no Democrat bill that's going to pass. I'm sorry to tell you. Yeah, and all you Republicans in here, there's no Republican bill that's going to pass. It needs to be a bipartisan, bicameral bill that the president's going to sign," Brown said. "That's the reality up here, and the sooner that people figure that out, the better."

Brown also acknowledged that in a highly technical area such as cybersecurity, it is especially important that experts from the private sector make their voices heard as the legislation progresses.

"We don't know it all as legislators when it comes to cyberspace," he said.

A spokesman for Reid did not immediately respond to a request for comment on plans for bringing the cybersecurity bill to the Senate floor.

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for

Follow everything from on Twitter @CIOonline, on Facebook, and on Google +. Follow everything from on Twitter @CIOonline, on Facebook, and on Google +.

Read more about government in CIO's Government Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

More about BillFacebookGoogleLeaderLeaderScott Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kenneth Corbin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts