The senators argued that the Chamber mischaracterized the information sharing section of the bill in a letter it sent to the Senate last week, which urged members to vote against moving the bill forward for debate. In the letter, the Chamber said the latest version of Lieberman's cybersecurity bill would prevent military agencies like the National Security Agency (NSA) and Department of Defense from receiving cyberthreat information directly from private-sector companies operating critical infrastructure.
Responding to that claim, Lieberman and his bill co-sponsors wrote that a provision in their revised bill "makes clear that such existing and future information sharing can continue if members of the Chamber want to continue to send information directly to the NSA."
Discussion about the information sharing section of the bill was a top subject at the Friday meeting with the Chamber representatives, senators and staff.
"There's been a fair amount of public comment by the Chamber about concerns about information sharing, so we literally went through that section page by page to try and better understand their concerns and hopefully they'll be resolved and addressed," Coons said after exiting the meeting last week.
"The remaining issue is you've got industry groups from lots of different sectors who are sort of struggling or working hard to catch up to what the current language really is in terms of the balance between this [bill] is voluntary, not mandatory … how exactly are the standards set and what's the liability protection offered?" Coons said. "We're down to granular details on that."
The Chamber backs a rival cybersecurity measure authored by Sen. John McCainJohn McCainMeghan McCain: Obama 'a dirty capitalist like the rest of us' Top commander: Don't bet on China reining in North Korea Trudeau, Trump speak for second night about US-Canada trade MORE (R-Ariz.), called the Secure It Act. Unlike Lieberman's bill, the Secure It Act does not include measures that would incentivize critical infrastructure operators to meet government-developed cybersecurity standards. Instead, it focuses primarily on improving information sharing about cyberthreats between the government and industry.
The business lobby didn't stay quiet after receiving the letter from the Cybersecurity Act's co-sponsors.
Matt Eggers, the Chamber's senior director of national security and emergency preparedness, took another swipe at the cybersecurity bill's co-sponsors in a blog post published on Monday, arguing that "the criticisms of our positions are little more than a distraction from central issues not addressed by S. 3414." Eggers argued that information-sharing legislation--such as Sen. John McCain (R-Ariz.)'s competing Secure IT Act and the House's Cyber Intelligence Sharing and Protection Act--would help businesses combat cyberthreats because it "incentivizes businesses to disclose cyber threat information that would benefit their peers and the government."
He added that if "Congress wants to encourage businesses to enhance their cybersecurity for the public good, which is a worthy goal, then it should offer businesses some legitimate carrots—and not use incentives as a thinly veiled way to regulate the business community."
The Obama administration and co-sponsors of Lieberman's bill argue that information sharing measures aren't enough to address security gaps in the computer systems of critical infrastructure, noting that current and former defense officials have called for critical infrastructure operators to follow some sort of baseline cybersecurity standards. The Chamber has argued that these critical infrastructure provisions would be voluntary in theory, but ultimately tack additional regulations onto industry.
The story was updated at 3:37 p.m.