Senators float compromise on cybersecurity mandates

The White House has endorsed a bill from Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsOvernight Tech: Judge blocks AT&T request for DOJ communications | Facebook VP apologizes for tweets about Mueller probe | Tech wants Treasury to fight EU tax proposal Overnight Regulation: Trump to take steps to ban bump stocks | Trump eases rules on insurance sold outside of ObamaCare | FCC to officially rescind net neutrality Thursday | Obama EPA chief: Reg rollback won't stand FCC to officially rescind net neutrality rules on Thursday MORE (R-Maine) that would empower the Homeland Security Department to set mandatory standards for critical infrastructure systems.

Supporters of the government mandates say they are necessary to protect the country from devastating attacks that could cost thousands of lives.

But some Republicans, led by Sen. John McCainJohn Sidney McCainLawmakers worry about rise of fake video technology Democrats put Dreamers and their party in danger by playing hardball Trump set a good defense budget, but here is how to make it better MORE (Ariz.), have slammed the Lieberman-Collins bill, saying it would impose unnecessary burdens on businesses.

House GOP leaders have indicated they will not allow a vote on any legislation that creates new mandates for cybersecurity. In April, the House passed its own bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies to share cyber threat information but would not set security requirements.

Although nearly everyone on Capitol Hill agrees that cyberattacks pose a threat to national security, the disagreement over which regulatory approach to take has stalled the push for legislation.

The draft bill from Whitehouse and Kyl looks to strike a balance that could break the stalemate.

Under their legislation, companies that meet "baseline performance goals" would receive liability protections, advantages in securing government funding and eligibility for technical cybersecurity assistance.

But unlike Lieberman-Collins, the bill would not force any company to meet the standards.

The measure is currently only a six-page draft that is not written in legislative language. Industry officials and staffers on Capitol Hill said they would need to see a more detailed version to reach a conclusive opinion about it.

But an aide to Lieberman said the senator feels the proposal is "encouraging" because "it recognizes the importance of protecting the cyber systems of our most critical infrastructure."

The aide added that Lieberman is still a "staunch advocate" of mandates for cybersecurity.

In a statement provided to The Hill, Sen. Jay RockefellerJohn (Jay) Davison RockefellerOvernight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term Obama to preserve torture report in presidential papers MORE (D-W.Va.), one of the leading supporters of Lieberman-Collins, also expressed support for reaching a compromise on the issue.

“For years I have been working hard to find bipartisan consensus on how to protect our most critical systems from cyberattack," he said. "I have not been involved in this group’s effort, but I encourage any senator who seeks consensus on this crucial national security challenge. Our military and intelligence leaders have been crystal-clear about what we need to do. If we fail to act, we will deeply regret it."

But the proposal could get a cool reception from industry groups that oppose the regulatory regime of Lieberman-Collins.

"It's hard to see how this is a compromise," one industry official said, adding that it could actually create a greater regulatory burden than Lieberman-Collins.