Chamber not sold on revised cybersecurity bill

By Jennifer Martinez - 07/20/12 08:22 PM ET

The U.S. Chamber of Commerce said on Friday that it isn't sold yet on the revised version of the cybersecurity bill by Sen. Joe Lieberman (I-Conn.), arguing that it would take an "overly prescriptive" approach towards protecting the nation's critical infrastructure from cyberattacks.

"While we continue to review the revised bill and consult with our members, we believe that we will still have concerns with it," said Ann Beauchesne, vice president of national security and emergency preparedness at the Chamber.

The business lobby's chief concern is with a section of the bill that is aimed at incentivizing critical infrastructure operators to meet a set of security standards approved by a government-led interagency council. The section proposes to create a voluntary program where companies would receive liability protections or other incentives by certifying that its computer systems meet these cybersecurity standards.

"While this sounds appealing on its face, a government-administered program would shift during the implementation phase from being standards based and flexible in concept to being overly prescriptive in practice," Beauchesne said.

In the original version of the bill, that section would have required companies operating critical infrastructure such as water systems and power companies to meet a set of security standards. A group of GOP senators and the Chamber said these provisions would saddle industry with burdensome regulations and add another layer of bureaucracy to existing security structures.

Lieberman amended that section in the revised bill to allay those concerns.

Beauchesne said Congress should focus on passing bills "where consensus has already been reached," such as measures aimed at boosting cybersecurity research and development and improving information sharing about cyberthreats. The Chamber has backed the Cyber Intelligence Sharing and Protection Act in the House and a rival cybersecurity bill by Sen. John McCain (R-Ariz.), which both focus on information sharing.

"Congress is getting bogged down – and rightly so – on the issue of regulating business because there remains considerable disagreement on this topic," Beauchesne added. "The Chamber and many other stakeholders view government-driven compliance regimes as costly to taxpayers and businesses and contrary to effective security."

The Chamber's opposition to the revised bill could discourage some GOP senators from backing it.

Lieberman and the bill's four co-sponsors have argued that cybersecurity legislation must include provisions aimed at addressing security gaps in the computer systems and networks of critical infrastructure. Sen. Jay Rockefeller (D-W.Va.), a co-sponsor of the cybersecurity bill, has said "it is a crucial matter of public safety and national security that we do something now to ensure our most critical infrastructure is protected from cyber-attacks.”

This story was updated at 9:55 p.m.