08/01/2012 07:35 pm ET Updated Oct 01, 2012

New Cybersecurity Law: 2012 Looking Less And Less Like Its Year

By Jasmin Melvin

WASHINGTON (Reuters) - Despite growing concerns of the threat of cyber attacks, chances of a new U.S. cybersecurity law passing this year faded Thursday as Senate Republicans blocked a bill that would have let the government and companies share information about attacks on computer networks.

The measure had been viewed as one of the few that might draw enough bipartisan support to get through the largely deadlocked Congress. Experts say there is an urgent need to address vulnerabilities of government and private systems controlling everything from highway traffic to financial services.

But the Senate mustered just 52 of the 60 votes needed in the 100-member body to advance the bill to a final vote, effectively sidelining it.

Business groups including the U.S. Chamber of Commerce complained that the bill was government over-regulation, and some Republicans wanted more opportunity to push amendments. Privacy groups and some Democrats have voiced concerns about the potential for Internet eavesdropping in the legislation.

There is still a slim chance for passage before January, when the current Congress ends. But with the session winding down ahead of the November 6 congressional and presidential elections and lawmakers at odds over partisan issues of taxes and spending, cybersecurity may fall by the way.

The House of Representatives passed a narrower version in April, and the Senate bill needed to pass this week to give lawmakers from both chambers time to informally broker a deal on final legislation during the August recess, said Stewart Baker, a former senior official at the Department of Homeland Security and now a cybersecurity expert at the law firm Steptoe and Johnson.

The House version would allow companies and the government to share information about hacking. The current version of the Senate bill took a broader approach that would also create a set of voluntary cybersecurity standards for companies in charge of U.S. energy, water, transportation and other critical infrastructure.


The U.S. Chamber has said it was concerned the voluntary system of cybersecurity best practices could become a mandatory regulatory scheme imposed on businesses.

"(Congress) should offer businesses some legitimate carrots — and not use incentives as a thinly veiled way to regulate the business community," said Matthew Eggers, senior director of National Security and Emergency Preparedness at the U.S. Chamber.

Senate Majority Leader Harry Reid blasted the business lobby's position.

"It's obvious," the Democrat said, that until Republicans "get a sign off from the Chamber of Commerce, nothing will happen on one of the most important security interests this country has faced in generations."

Reid said he tried to push the bill to a final vote to keep Republicans from demanding votes on unrelated amendments, such as the repeal of the healthcare overhaul.

But Senate Republican leader Mitch McConnell said Democrats had tried to ram the cybersecurity bill through without adequate review.

"Look: this is a big, complicated, far-reaching bill that involves several committees of jurisdiction. Democrat leaders haven't allowed any of these committees to improve the bill or even vote on it," McConnell said.

"We descended once again to gridlock, to partisan attack and counter attack. We will leave our country vulnerable," said Senator Joe Lieberman, an Independent and a lead sponsor of the bill.

Cyber threats to the nation's electric grid, water supply and other critical infrastructure and pressure from constituents could motivate senators to consider the bill again in early September when Congress returns from the recess, lawmakers from both parties and experts said.

"As for the prospects for the bill, never doubt the ability of Congress to scramble to pass a security bill late in an election year," said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy & Technology.

"You don't want to have to wait until you get some kind of negative cyber activity that's in the news," said Tom Davis, a former congressman who wrote a 2002 law that required federal agencies to develop a plan for information security.

Ahead of the elections, the House is scheduled to be in session for eight days in September and a week in October, raising the question of whether such a complex issue can be tackled with only days to bring it to a vote.

"There's no denying that this is their last good chance to get something done as we get into election season," said Matt Wood, policy director for the public interest group Free Press.

Delaying into next year could mean new players, new congressional committee chairmen and possibly a new presidential administration, particularly as the current chairman of the key committee on the bill, Lieberman, is retiring.

"If the bill doesn't pass this year, there's a possibility that there would be substantial changes in the legislation next year because the lead Senate sponsor is retiring," Nojeim said.

(Reporting By Jasmin Melvin; Editing by Sandra Maler and Vicki Allen)