Senators float compromise on cybersecurity mandates


The White House has endorsed a bill from Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsGOP Green New Deal stunt is a great deal for Democrats On unilateral executive action, Mitch McConnell was right — in 2014 Congress must step up to protect Medicare home health care MORE (R-Maine) that would empower the Homeland Security Department to set mandatory standards for critical infrastructure systems.

Supporters of the government mandates say they are necessary to protect the country from devastating attacks that could cost thousands of lives.

But some Republicans, led by Sen. John McCainJohn Sidney McCainGOP senator says Republicans didn't control Senate when they held majority Pence met with silence after mentioning Trump in Munich speech Mark Kelly's campaign raises over M in days after launching Senate bid MORE (Ariz.), have slammed the Lieberman-Collins bill, saying it would impose unnecessary burdens on businesses.

House GOP leaders have indicated they will not allow a vote on any legislation that creates new mandates for cybersecurity. In April, the House passed its own bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies to share cyber threat information but would not set security requirements.

Although nearly everyone on Capitol Hill agrees that cyberattacks pose a threat to national security, the disagreement over which regulatory approach to take has stalled the push for legislation.

The draft bill from Whitehouse and Kyl looks to strike a balance that could break the stalemate.

Under their legislation, companies that meet "baseline performance goals" would receive liability protections, advantages in securing government funding and eligibility for technical cybersecurity assistance.

But unlike Lieberman-Collins, the bill would not force any company to meet the standards.

The measure is currently only a six-page draft that is not written in legislative language. Industry officials and staffers on Capitol Hill said they would need to see a more detailed version to reach a conclusive opinion about it.

But an aide to Lieberman said the senator feels the proposal is "encouraging" because "it recognizes the importance of protecting the cyber systems of our most critical infrastructure."

The aide added that Lieberman is still a "staunch advocate" of mandates for cybersecurity.

In a statement provided to The Hill, Sen. Jay RockefellerJohn (Jay) Davison RockefellerSenate GOP rejects Trump’s call to go big on gun legislation Overnight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term MORE (D-W.Va.), one of the leading supporters of Lieberman-Collins, also expressed support for reaching a compromise on the issue.

“For years I have been working hard to find bipartisan consensus on how to protect our most critical systems from cyberattack," he said. "I have not been involved in this group’s effort, but I encourage any senator who seeks consensus on this crucial national security challenge. Our military and intelligence leaders have been crystal-clear about what we need to do. If we fail to act, we will deeply regret it."

But the proposal could get a cool reception from industry groups that oppose the regulatory regime of Lieberman-Collins.

"It's hard to see how this is a compromise," one industry official said, adding that it could actually create a greater regulatory burden than Lieberman-Collins.