Senators float compromise on cybersecurity mandates


The White House has endorsed a bill from Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsI'm furious about Democrats taking the blame — it's time to fight back 'All or nothing' won't bolster American democracy: Reform the filibuster and Electoral Count Act Voting rights, Trump's Big Lie, and Republicans' problem with minorities MORE (R-Maine) that would empower the Homeland Security Department to set mandatory standards for critical infrastructure systems.

Supporters of the government mandates say they are necessary to protect the country from devastating attacks that could cost thousands of lives.

But some Republicans, led by Sen. John McCainJohn Sidney McCainRedistricting reform key to achieving the bipartisanship Americans claim to want Kelly takes under-the-radar approach in Arizona Senate race Voting rights, Trump's Big Lie, and Republicans' problem with minorities MORE (Ariz.), have slammed the Lieberman-Collins bill, saying it would impose unnecessary burdens on businesses.

House GOP leaders have indicated they will not allow a vote on any legislation that creates new mandates for cybersecurity. In April, the House passed its own bill, the Cyber Intelligence Sharing and Protection Act (CISPA), which would encourage companies to share cyber threat information but would not set security requirements.

Although nearly everyone on Capitol Hill agrees that cyberattacks pose a threat to national security, the disagreement over which regulatory approach to take has stalled the push for legislation.

The draft bill from Whitehouse and Kyl looks to strike a balance that could break the stalemate.

Under their legislation, companies that meet "baseline performance goals" would receive liability protections, advantages in securing government funding and eligibility for technical cybersecurity assistance.

But unlike Lieberman-Collins, the bill would not force any company to meet the standards.

The measure is currently only a six-page draft that is not written in legislative language. Industry officials and staffers on Capitol Hill said they would need to see a more detailed version to reach a conclusive opinion about it.

But an aide to Lieberman said the senator feels the proposal is "encouraging" because "it recognizes the importance of protecting the cyber systems of our most critical infrastructure."

The aide added that Lieberman is still a "staunch advocate" of mandates for cybersecurity.

In a statement provided to The Hill, Sen. Jay RockefellerJohn (Jay) Davison RockefellerDemocrats look to scale back Biden bill to get it passed Humorless politics a sad sign of our times Bottom Line MORE (D-W.Va.), one of the leading supporters of Lieberman-Collins, also expressed support for reaching a compromise on the issue.

“For years I have been working hard to find bipartisan consensus on how to protect our most critical systems from cyberattack," he said. "I have not been involved in this group’s effort, but I encourage any senator who seeks consensus on this crucial national security challenge. Our military and intelligence leaders have been crystal-clear about what we need to do. If we fail to act, we will deeply regret it."

But the proposal could get a cool reception from industry groups that oppose the regulatory regime of Lieberman-Collins.

"It's hard to see how this is a compromise," one industry official said, adding that it could actually create a greater regulatory burden than Lieberman-Collins.