Industry groups are expecting to see the latest version of the cybersecurity compromise framework from Sens. Jon Kyl (R-Ariz.) and Sheldon WhitehouseSheldon WhitehouseDemocrats draw red lines in spending fight What Republicans should demand in exchange for raising the debt ceiling Climate hawks pressure Biden to replace Fed chair MORE (D-R.I.) in the coming days.
A staff prepared draft of the framework released last month received poor reviews by some business groups, including the U.S. Chamber of Commerce and Information Technology Industry Council, which saw it as too regulatory. The compromise’s chances of breaking the stalemate on cybersecurity legislation in the upper chamber could be put in jeopardy if the updated version receives another round of criticism from powerful industry groups.
The framework aims to find a middle ground on a contentious measure in Sen. Joe Lieberman’s (I-Conn.) cybersecurity bill that would require companies that operate critical infrastructure to meet a set of security standards developed in part by the Homeland Security Department. A group of Senate Republicans and the Chamber have argued that this measure would redirect the private sector’s focus from improving the security of its networks and systems to complying with new security rules.
“Everyone is anticipating the emergence of some type of a bipartisan compromise to break the current stalemate,” said Jessica Herrera-Flanigan, a partner at lobbying firm Monument Policy Group. “As such, every potential proposal is being looked at closely.”
The updated version of the framework does not include legislative language and is expected to be shared with the Chamber early next week, according to a Senate staffer.
In the meantime, Kyl and Whitehouse’s offices have been keeping the proposal closely under wraps. Spokesmen for Whitehouse and Kyl did not respond to requests for comment about the framework.
The White House has also made it clear that it wants security standards for critical infrastructure to be a part of any cybersecurity legislation that comes out of Congress.
This spring the White House issued a veto threat against a House cybersecurity bill, the Cyber Intelligence Sharing and Protection Act, that lacked critical infrastructure provisions and focused on improving information sharing about cyberthreats instead. Keith Alexander, the head of U.S. Cyber Command, and Homeland Security Secretary Janet Napolitano have also argued that critical infrastructure operators should be required to meet some sort of security standards when testifying on the Hill this year.
The Senate has been gridlocked on this question of how to better protect critical infrastructure since Lieberman’s bill was introduced in February. A group of Senate Republicans led by Sen. John McCainJohn Sidney McCain20 years after 9/11, US foreign policy still struggles for balance What the chaos in Afghanistan can remind us about the importance of protecting democracy at home 'The View' plans series of conservative women as temporary McCain replacements MORE (R-Ariz.) are sponsoring a rival cybersecurity measure that does not include security mandates for critical infrastructure operators and focuses on improving information sharing about cyberthreats between government and industry instead.
Lieberman has said he expects Senate Majority Leader Harry ReidHarry Mason ReidDemocrats say Biden must get more involved in budget fight Biden looks to climate to sell economic agenda Justice Breyer issues warning on remaking Supreme Court: 'What goes around comes around' MORE (D-Nev.) to take up his bill after the July recess. Reid has not given a timeframe on when the cybersecurity bill will see floor action but said he wants to tackle the issue this year.