Make-or-break time for cybersecurity bill

It’s make-or-break time for cybersecurity legislation in the Senate. 

Senate Majority Leader Harry ReidHarry ReidThe Memo: Trump pulls off a stone-cold stunner The Memo: Ending DACA a risky move for Trump Manchin pressed from both sides in reelection fight MORE (D-Nev.) will likely move to Sen. Joe Lieberman's (I-Conn.) cybersecurity bill this week once the upper chamber finishes up votes on taxes, an aide said. That could come as early as Wednesday or Thursday, while a procedural vote to move the bill to the floor is expected the following Monday. 

The stakes are high for industry groups and for Lieberman, the bill's lead co-sponsor, who has eyed the measure as a part of his legacy before he retires at the end of this Congress.

ADVERTISEMENT
Lieberman has said a cybersecurity bill would either move to the floor before the August recess or not at all, and has been working on a compromise that he hopes will attract GOP support.   

This past week, Lieberman and the four other co-sponsors of the cybersecurity bill — Sens. Susan CollinsSusan Margaret CollinsSenate Dems hold floor talk-a-thon against latest ObamaCare repeal bill Ryan: Graham-Cassidy 'best, last chance' to repeal ObamaCare Collins skeptical of new ObamaCare repeal effort MORE (R-Maine), Jay RockefellerJay RockefellerOvernight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term Obama to preserve torture report in presidential papers MORE (D-W.Va.), Dianne FeinsteinDianne Emiel FeinsteinDems call for action against Cassidy-Graham ObamaCare repeal Feinstein pushes back on Trump’s N. Korea policy Feinstein on reelection bid: ‘We will see’ MORE (D-Calif.) and Tom CarperThomas (Tom) Richard CarperIt’s time for Congress to actually fix the individual health insurance market Where Dems stand on Sanders's single-payer bill Trump riles Dems with pick for powerful EPA job MORE (D-Del.) — introduced a revised version that attempts to soften provisions that would have required companies operating critical infrastructure to meet a set of security standards developed, in part, by the Homeland Security Department.

Republicans senators and the U.S. Chamber of Commerce strongly opposed the earlier infrastructure provisions, arguing they would saddle industry with burdensome regulations and create a bureaucratic nightmare.



A group of GOP senators led by Sen. John McCainJohn Sidney McCainSenate's defense authorization would set cyber doctrine Senate Dems hold floor talk-a-thon against latest ObamaCare repeal bill Overnight Defense: Senate passes 0B defense bill | 3,000 US troops heading to Afghanistan | Two more Navy officials fired over ship collisions MORE (R-Ariz.), Kay Bailey Hutchison (R-Texas) and Saxby ChamblissSaxby ChamblissFormer GOP senator: Let Dems engage on healthcare bill OPINION: Left-wing politics will be the demise of the Democratic Party GOP hopefuls crowd Georgia special race MORE (R-Ga.) has introduced a rival bill — the SECURE IT Act — that does not include security mandates and is focused on improving information sharing about cyber threats between industry and the government.


Lieberman’s revised bill would establish a program where critical infrastructure operators would certify that they meet a set of performance standards in exchange for various incentives, such as liability protections. The idea was hatched by a bipartisan working group that was led by Sens. Sheldon WhitehouseSheldon WhitehouseJuan Williams: Momentum builds against gerrymandering Overnight Regulation: FTC launches probe into Equifax | Dems propose tougher data security rules | NYC aims to slash greenhouse gas emissions | EPA to reconsider Obama coal ash rule Overnight Cybersecurity: Kaspersky to testify before House | US sanctions Iranians over cyberattacks | Equifax reveals flaw that led to hack MORE (D-RI) and Jon Kyl (R-Ariz.).

"We are going to try carrots instead of sticks as we begin to improve our cyber defenses," Lieberman said in a statement. But he said if the voluntary measures don't work, "a future Congress will undoubtedly come back and adopt a more coercive system."

But whether those changes will be enough to get the 60 votes needed to advance most legislation through the Senate is uncertain. So far, Collins is the lone Republican backer of the bill, meaning the co-sponsors need to get at least another six GOP votes to hit 60.

Sens. Lindsey GrahamLindsey Olin GrahamTop Louisiana health official rips Cassidy over ObamaCare repeal bill Senate Dems hold floor talk-a-thon against latest ObamaCare repeal bill Overnight Defense: Senate passes 0B defense bill | 3,000 US troops heading to Afghanistan | Two more Navy officials fired over ship collisions MORE (R-S.C.) and Roy BluntRoy Dean BluntTop Senate Dem: We're going forward with understanding we can work with White House on DACA Sunday shows preview: Trump officials gear up for UN assembly Air Force One is Trump’s new boardroom MORE (R-Mo.) are seen as possible swing votes because of their involvement in the compromise effort with Whitehouse and Kyl. Blunt emphasized that cybersecurity legislation must harden vulnerabilities in critical infrastructure during a colloquy with other members on the Senate floor this past week. 

Others are keeping an eye on Sens. Olympia Snowe (R-Maine), Scott Brown (R-Mass.) and Kelly AyotteKelly Ann AyotteStale, misguided, divisive: minimum wage can't win elections Trump voter fraud commission sets first meeting outside DC RNC chair warns: Republicans who refused to back Trump offer 'cautionary tale' MORE (R-N.H.) as possible pick-ups for Democrats. Ayotte, however, had concerns with the original version of the Lieberman bill and has criticized the process used to draft it. 

Sen. Dan CoatsDaniel (Dan) Ray CoatsOvernight Cybersecurity: DHS bans agencies from using Kaspersky software | Panel calls Equifax CEO to testify | Facebook pulling ads from fake news Mueller investigation focusing on social media's role in 2016 election: report Intelligence director criticizes former officials for speaking out against Trump MORE (R-Ind.), a co-sponsor of the SECURE IT Act, was also seen as a possible convert because of his involvement in the Whitehouse-Kyl discussions, but has already expressed concerns with the new bill’s provisions.

“I strongly believe that Congress must pass a cyber security bill this year given the real and dangerous threat of a cyber attack on our country,” said Coats, a member of the Senate Intelligence Committee, in a statement. “While I am still reviewing the details of the revised Cybersecurity Act offered by Sens. Lieberman and Collins, I remain concerned that some of the provisions move beyond voluntary incentives and subject the private sector to mandatory requirements and burdensome regulations.”

Even if the bill clears the Senate, it has to make it through conference, and many of its provisions have long odds of passing the GOP-controlled House.

House Republican leaders have indicated they will not allow a vote on any cybersecurity bill that they view as creating burdensome regulations.

House Speaker John BoehnerJohn Andrew BoehnerSpeculation mounts, but Ryan’s job seen as safe Boehner warns Trump: Don't pull out of Korea-US trade deal GOP Rep: Ryan wasting taxpayers dollars by blocking war authorization debate MORE (R-Ohio) said in April that the president's support for cybersecurity mandates shows that the "White House believes the government ought to control the Internet, government ought to set standards and government ought to take care of everything that’s needed for cybersecurity."

GOP Rep. Dan Lungren (R-Calif.) authored a House bill that would have set mandatory standards for critical infrastructure, but was forced to scale back the requirements in a bid to win over House leaders.

His revised bill would have allowed the Homeland Security Department to help critical infrastructure companies protect their networks, but the system would have been entirely voluntary. But House leaders blocked a floor vote on it.

Despite the challenges, the activity is the closest Congress has come to passing major cybersecurity legislation in recent years. 

"If a major event happens, no one wants to be the one pointed to as having held up legislation," said Jessica Herrera-Flanigan, a partner at Monument Policy Group. 

"There has been a lot of compromise to reach this point, so the Senate is in the closest place it has been this year for passing cybersecurity, though there are obviously still challenges to getting it done."