Senators float compromise on cybersecurity mandates

The White House has endorsed a bill from Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsOvernight Energy: Trump NASA pick advances after drama | White House office to investigate Pruitt's soundproof booth | 170 lawmakers call for Pruitt to resign Trump's NASA nominee advances after floor drama Family, friends mourn death of Barbara Bush MORE (R-Maine) that would empower the Homeland Security Department to set mandatory standards for critical infrastructure systems.

Supporters of the government mandates say they are necessary to protect the country from devastating attacks that could cost thousands of lives.

But some Republicans, led by Sen. John McCainJohn Sidney McCainHeitkamp becomes first Dem to back Pompeo for secretary of State Senate committee sets Monday vote even as Pompeo appears to lack support Trump checkmates Democrats in sending Pompeo to North Korea MORE (Ariz.), have slammed the Lieberman-Collins bill, saying it would impose unnecessary burdens on businesses.

House GOP leaders have indicated they will not allow a vote on any legislation that creates new mandates for cybersecurity. In April, the House passed its own bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies to share cyber threat information but would not set security requirements.

Although nearly everyone on Capitol Hill agrees that cyberattacks pose a threat to national security, the disagreement over which regulatory approach to take has stalled the push for legislation.

The draft bill from Whitehouse and Kyl looks to strike a balance that could break the stalemate.

Under their legislation, companies that meet "baseline performance goals" would receive liability protections, advantages in securing government funding and eligibility for technical cybersecurity assistance.

But unlike Lieberman-Collins, the bill would not force any company to meet the standards.

The measure is currently only a six-page draft that is not written in legislative language. Industry officials and staffers on Capitol Hill said they would need to see a more detailed version to reach a conclusive opinion about it.

But an aide to Lieberman said the senator feels the proposal is "encouraging" because "it recognizes the importance of protecting the cyber systems of our most critical infrastructure."

The aide added that Lieberman is still a "staunch advocate" of mandates for cybersecurity.

In a statement provided to The Hill, Sen. Jay RockefellerJohn (Jay) Davison RockefellerSenate GOP rejects Trump’s call to go big on gun legislation Overnight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term MORE (D-W.Va.), one of the leading supporters of Lieberman-Collins, also expressed support for reaching a compromise on the issue.

“For years I have been working hard to find bipartisan consensus on how to protect our most critical systems from cyberattack," he said. "I have not been involved in this group’s effort, but I encourage any senator who seeks consensus on this crucial national security challenge. Our military and intelligence leaders have been crystal-clear about what we need to do. If we fail to act, we will deeply regret it."

But the proposal could get a cool reception from industry groups that oppose the regulatory regime of Lieberman-Collins.

"It's hard to see how this is a compromise," one industry official said, adding that it could actually create a greater regulatory burden than Lieberman-Collins.