Senate Republicans Again Block Bill To Establish Cybersecurity Standards

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

The Senate Nov. 14 failed to advance a cybersecurity bill that was brought back to the floor for reconsideration after a similar defeat over the summer.

Reiterating concerns raised by industry lobbyists about potential regulatory burdens, Republicans again opposed a cloture motion to proceed to final passage of the Cybersecurity Act (S. 3414).

The cloture motion, which required 60 votes for passage, was defeated 51-47.

“Whatever we do for this bill is not enough for the Chamber of Commerce,” Senate Majority Leader Harry Reid (D-Nev.) said on the floor immediately after the failed cloture vote. “Cybersecurity is dead for this Congress.”

Reid announced last month that he was giving the Senate one more chance this year to pass cybersecurity legislation in light of growing threats to the computer networks that operate the nation's critical infrastructure, such as power plants and water systems (11 PVLR 1553, 10/22/12).

The Cybersecurity Act previously came to the floor shortly before the August recess, but the legislation was ultimately blocked by Republicans, who argued that Reid was seeking to ram the legislation forward without a fair and open amendments process (11 PVLR 1227, 8/6/12).

“Unfortunately, this is like the movie 'Groundhog Day,' ” Sen. Charles Grassley (R-Iowa), ranking member of the Senate Judiciary Committee, said on the floor as the bill was under reconsideration. “The majority continues to push the same flawed legislation that failed to garner enough votes for consideration just three months ago.”

A key area of contention has been language calling for voluntary cybersecurity standards for critical parts of the private sector. The Chamber of Commerce, which has actively lobbied against the bill, argues that the proposed standards could easily translate into burdensome government regulations.

Executive Order Weighed.

Meanwhile, in the wake of the Senate dispute, the Obama administration has said that it is weighing cybersecurity steps that it can take on its own, including the possibility of issuing an executive order (11 PVLR 1435, 9/24/12).

Following the Senate vote, Reid issued a statement saying that he hopes President Obama “uses all the authority of the executive branch at his disposal to fully protect our nation from the cyber security threat.”

“Republicans today showed we cannot count on them to take this threat seriously,” Reid said.

Among other provisions, the Cybersecurity Act calls for the government to administer a voluntary program to encourage “critical infrastructure” operators to adopt cybersecurity best practices. A previous version called for the Department of Homeland Security to issue mandatory cybersecurity standards for such entities.

The lead sponsors of the Cybersecurity Act are Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), the chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee. Senate Commerce Chairman John D. Rockefeller IV (D-W.Va.) and Senate Intelligence Chairman Dianne Feinstein (D-Calif.) are co-sponsors.

Upon reconsideration of the bill, Collins was one of only four Republicans who crossed party lines to vote in favor of advancing the measure. She was joined by outgoing Republican Sens. Olympia Snowe (Maine), Richard Lugar (Ind.), and Scott Brown (Mass.).

Cyberwarfare Directive Updated.

In a related development, the president recently signed a secret directive that enables the military to act more aggressively to thwart cyber-attacks, according to Nov. 14 news media reports.

A senior administration official confirmed in a statement to BNA that Obama has signed a classified directive related to “cyber operations,” updating a similar directive that dated back to 2004.

The updated directive does not provide any new authorities to U.S. military, intelligence community, and law enforcement agencies, nor does it cover or change the actions the government undertakes with the consent of private network owners, the official said.

By Alexei Alexis  

Full text of S. 3414 is available at


Request Bloomberg Law: Privacy & Data Security