The senators argued that the Chamber mischaracterized the information sharing section of the bill in a letter it sent to the Senate last week, which urged members to vote against moving the bill forward for debate. In the letter, the Chamber said the latest version of Lieberman's cybersecurity bill would prevent military agencies like the National Security Agency (NSA) and Department of Defense from receiving cyberthreat information directly from private-sector companies operating critical infrastructure.
Responding to that claim, Lieberman and his bill co-sponsors wrote that a provision in their revised bill "makes clear that such existing and future information sharing can continue if members of the Chamber want to continue to send information directly to the NSA."
Discussion about the information sharing section of the bill was a top subject at the Friday meeting with the Chamber representatives, senators and staff.
"The remaining issue is you've got industry groups from lots of different sectors who are sort of struggling or working hard to catch up to what the current language really is in terms of the balance between this [bill] is voluntary, not mandatory … how exactly are the standards set and what's the liability protection offered?" Coons said. "We're down to granular details on that."
The Chamber backs a rival cybersecurity measure authored by Sen. John McCainJohn Sidney McCainTrump attacks Meghan McCain and her family In Montana, a knock-down redistricting fight over a single line McCain: Ivanka Trump, Jared Kushner had 'no goddamn business' attending father's funeral MORE (R-Ariz.), called the Secure It Act. Unlike Lieberman's bill, the Secure It Act does not include measures that would incentivize critical infrastructure operators to meet government-developed cybersecurity standards. Instead, it focuses primarily on improving information sharing about cyberthreats between the government and industry.
The business lobby didn't stay quiet after receiving the letter from the Cybersecurity Act's co-sponsors.
He added that if "Congress wants to encourage businesses to enhance their cybersecurity for the public good, which is a worthy goal, then it should offer businesses some legitimate carrots—and not use incentives as a thinly veiled way to regulate the business community."
The Obama administration and co-sponsors of Lieberman's bill argue that information sharing measures aren't enough to address security gaps in the computer systems of critical infrastructure, noting that current and former defense officials have called for critical infrastructure operators to follow some sort of baseline cybersecurity standards. The Chamber has argued that these critical infrastructure provisions would be voluntary in theory, but ultimately tack additional regulations onto industry.
The story was updated at 3:37 p.m.