Industry expects to see compromise Senate cybersecurity framework soon

Industry groups are expecting to see the latest version of the cybersecurity compromise framework from Sens. Jon Kyl (R-Ariz.) and Sheldon WhitehouseSheldon WhitehouseDem senator: 'How many lives must be lost before we act?' Sen. Manchin won’t vote for Trump’s mine safety nominee Overnight Regulation: SEC chief grilled over hack | Dems urge Labor chief to keep Obama overtime rule | Russia threatens Facebook over data storage law MORE (D-R.I.) in the coming days.

A staff prepared draft of the framework released last month received poor reviews by some business groups, including the U.S. Chamber of Commerce and Information Technology Industry Council, which saw it as too regulatory. The compromise’s chances of breaking the stalemate on cybersecurity legislation in the upper chamber could be put in jeopardy if the updated version receives another round of criticism from powerful industry groups.

ADVERTISEMENT
The framework aims to find a middle ground on a contentious measure in Sen. Joe Lieberman’s (I-Conn.) cybersecurity bill that would require companies that operate critical infrastructure to meet a set of security standards developed in part by the Homeland Security Department.  A group of Senate Republicans and the Chamber have argued that this measure would redirect the private sector’s focus from improving the security of its networks and systems to complying with new security rules.

“Everyone is anticipating the emergence of some type of a bipartisan compromise to break the current stalemate,” said Jessica Herrera-Flanigan, a partner at lobbying firm Monument Policy Group. “As such, every potential proposal is being looked at closely.”

The updated version of the framework does not include legislative language and is expected to be shared with the Chamber early next week, according to a Senate staffer.

In the meantime, Kyl and Whitehouse’s offices have been keeping the proposal closely under wraps. Spokesmen for Whitehouse and Kyl did not respond to requests for comment about the framework.

The White House has also made it clear that it wants security standards for critical infrastructure to be a part of any cybersecurity legislation that comes out of Congress.

This spring the White House issued a veto threat against a House cybersecurity bill, the Cyber Intelligence Sharing and Protection Act, that lacked critical infrastructure provisions and focused on improving information sharing about cyberthreats instead. Keith Alexander, the head of U.S. Cyber Command, and Homeland Security Secretary Janet Napolitano have also argued that critical infrastructure operators should be required to meet some sort of security standards when testifying on the Hill this year.

The Senate has been gridlocked on this question of how to better protect critical infrastructure since Lieberman’s bill was introduced in February.  A group of Senate Republicans led by Sen. John McCainJohn Sidney McCainRubio asks Army to kick out West Point grad with pro-communist posts The VA's woes cannot be pinned on any singular administration Overnight Defense: Mattis offers support for Iran deal | McCain blocks nominees over Afghanistan strategy | Trump, Tillerson spilt raises new questions about N. Korea policy MORE (R-Ariz.) are sponsoring a rival cybersecurity measure that does not include security mandates for critical infrastructure operators and focuses on improving information sharing about cyberthreats between government and industry instead.  

Lieberman has said he expects Senate Majority Leader Harry ReidHarry ReidChris Murphy’s profile rises with gun tragedies Republicans are headed for a disappointing end to their year in power Obama's HHS secretary could testify in Menendez trial MORE (D-Nev.) to take up his bill after the July recess. Reid has not given a timeframe on when the cybersecurity bill will see floor action but said he wants to tackle the issue this year.