Senate delays, maybe kills, cybersecurity bill

Senators decline to vote to end debate on the controversial Cybersecurity Act

The U.S. Senate on Thursday failed to end debate on a comprehensive cybersecurity bill, pushing action on the bill into September and potentially killing it.

The Senate voted 52-46 to end debate and move toward a final vote on the revised Cybersecurity Act, but 60 votes were needed to move forward. This week, members of President Barack Obama's administration called passage of the bill critical for U.S. national security.

The Senate is expected to start its August recess on Friday, not returning until Sept. 7. It is typically difficult for controversial legislation to pass between September and the national election in November.

Opponents of the bill, including many Republicans, said it still has several problems that need to be worked out. Sponsors of the Cybersecurity Act introduced the revised version of the bill July 19, and many critics said there hasn't been enough time to fix the legislation.

Supporters of the bill shouldn't see the vote against cloture Thursday as an attempt to kill the bill but an attempt to amend it and improve it, said Senator John McCain, an Arizona Republican. The bill would give the U.S. government too much power to set and amend cybersecurity standards developed with the help of private companies, McCain has said.

Several senators have come to "some agreement that we think could move this legislation forward in a fashion that recognizes the importance of the issue and yet dramatically, in our view, improves the legislation," McCain said. "So I would hope that the Republican leader and the majority leader would not interpret this vote ... as an impediment to the process that I think was moving on a path where we could have reached some agreement and addressed this issue and this legislation conclusively."

The U.S. Chamber of Commerce raised similar concerns. "The bill would give the federal government too much control over what actions the business community could take to protect its computers and networks," Ann Beauchesne, the chamber's vice president of national security, said in an email. "Businesses need concrete certainty that they would have an equal voice over the direction of the program and that the program would be responsive and dynamic, just like the Internet itself."

The chamber also called for the Senate to strengthen lawsuit protections in the bill.

Republican senators were "running like scared cats" away from the bill because of the chamber's opposition, Senator Harry Reid, a Nevada Democrat and Senate majority leader said Thursday. The chamber is a major backer of many Republican candidates.

Several other senators, led by Minnesota Democrat Al Franken, pushed for privacy protections in the bill. The legislation would allow Internet service providers and other Web businesses to spy on customers to share information with the government without the need for a warrant, he said. The bill would take away customer rights to sue those businesses, he added.

Senator Susan Collins, a Maine Republican and co-sponsor of the bill, criticized other senators for trying to tack on several unrelated amendments to the bill. "Rarely have I been so disappointed in the Senate's failure to come to grips with a threat on our country," she said Thursday.

The bill would also create a new intra-agency council to work with private companies to develop cybersecurity standards that businesses could voluntarily adopt. The bill would offer incentives to companies that volunteer for cybersecurity programs, including protection from lawsuits related to cyberincidents and increased help and information on cybersecurity issues from U.S. agencies.

Although the adopting the standards are voluntary, the authors of the bill wanted to give businesses strong incentives to adopt the standards, said Senator Joseph Lieberman, a Connecticut Independent and sponsor of the legislation.

The incentives will create "tremendous inducements -- yeah, even maybe pressure -- on CEOs" of companies of critical infrastructure to adopt the standards, Lieberman said last week. Companies that don't adopt the standards and are attacked "they will be subject to enormous, probably corporation-ending liability," he added.

The bill would also authorize the government to provide security clearances to companies with a need to receive classified information to protect their networks. It would also create new cybersecurity research and development programs in the U.S. government, and it would create new federal programs to identify and recruit cybersecurity workers for the government.

The Information Technology Industry Council, a tech trade group, called Thursday's vote a "lost opportunity" to improve cybersecurity in the U.S.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place