Security experts mixed on revised Lieberman bill


"Let's not pretend we're making the nation more secure with this legislation. It won't make the slightest bit of difference," Lewis said.

He added that while the bill doesn't move the ball backward on cybersecurity, it would maintain the status quo.

ADVERTISEMENT
"Congress has to operate in the world of political reality and there's a limit as to what they can do, and we just have to recognize that I guess," Lewis said. "They want to pass a bill, but you know, that's different than passing a useful bill."

But not everyone takes that view. Tom Kellermann, vice president of cybersecurity at Trend Micro, argued that the bill is still a good piece of legislation despite the changes made to the critical infrastructure provisions. Congress is also running out of time to act, so making some concessions to the bill is a better alternative than passing no bill at all, he said.

"In a perfect world, if there wasn't such a bifurcated, antagonistic Congress, we could have a better piece of legislation created," said Kellermann, who acted as an adviser during the crafting of Lieberman's original bill. "But the reality is this is still a good piece of legislation that should pass. We don't have that much time and we're not going to get anymore chances."

"Given that I believe in the 80-20 rule, I believe this is the best legislation out there," Kellermann said.

Former DHS official Stewart Baker made a similar assessment.

"The watered down security standards are still much better than nothing, and so I hope they do the trick," Baker, a partner at Steptoe Johnson, said.

The critical infrastructure provisions in the original version of Lieberman's bill were criticized by Senate Republicans and the U.S. Chamber of Commerce for being too regulatory. Lieberman and the four other co-sponsors of the revised bill -- Sens. Susan Collins (R-Maine), Jay Rockefeller (D-W.Va.), Dianne Feinstein (D-Calif.) and Tom Carper (D-Del.) -- said the original bill was stronger but were willing to compromise because the cyberthreats facing the nation are too great for the Senate not to move on legislation.

In a statement, Collins cited a recent report from the Homeland Security Department that said owners of critical infrastructure have reported nearly 200 cyber intrusions in 2011, a 400 percent increase from the previous year.

“The data and the headlines make it clear that we have already waited too long to address this escalating threat," Collins said.

The co-sponsors are holding a press conference on Tuesday to describe the changes between the original and revised versions of the bill and shed more light on why those changes were made. Senate Majority Leader Harry Reid (D-Nev.) plans to move to the bill later this week after the upper chamber finishes up votes on tax cut extensions.

The White House gave the revised version of Lieberman's bill its blessing although it had pushed hard earlier this year for cybersecurity legislation to include baseline cybersecurity standards for critical infrastructure. President Obama urged the Senate to pass Lieberman's cybersecurity bill in a Wall Street Journal op-ed published shortly after the latest version was introduced.

"It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries," Obama wrote.

This story was updated at 11:12 a.m.