Senators seek to defuse criticism of cybersecurity bill

Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., and ranking member Susan Collins, R-Maine, plan to fight back Thursday against criticism that their sweeping cybersecurity bill goes too far in allowing the government to shut down Internet services during emergencies.

The bill, which their committee plans to mark up Thursday, has come under fire in the blogosphere and from some privacy-rights advocates because it would give the president authority to declare a national cybersecurity emergency and take critical information technology systems offline in dire situations when no other option is available.

Under the bill, the emergency declaration could last for 30 days and then be renewed.

But Lieberman and Collins, along with Sen. Tom Carper, D-Del., another principal sponsor of the measure, plan to introduce a manager's amendment Thursday that would require a congressional resolution of approval if the president wants to impose emergency measures longer than 120 days.

The senators also issued a document Wednesday to counter what they said are myths being spread about their bill.

"What is new and innovative about our bill is that we give the president a range of options to address the most severe threats," Lieberman said in a statement. "Our bill provides the president with a scalpel to address threats to individual systems or networks, so he can avoid using the sledgehammer of shutting down entire communications networks.

"Further, our bill requires that any emergency measure be the least disruptive step necessary to protect the system or network affected," he added. "The president cannot act without considering the interests of both the American people and the operations of the company involved."

A committee spokeswoman said the president has the authority to shut down wired communications services under the 1934 Communications Act.

But the fate of the senators' bill remains uncertain because of the introduction of competing legislation and a crowded legislative schedule that makes it unlikely the Lieberman-Collins-Carper measure will see floor action anytime soon.

Senate Commerce Committee Chairman John (Jay) Rockefeller, D-W.V., and Sen. Olympia Snowe, R-Maine, have introduced a cybersecurity bill, which after months of reworking would not give the president the power to shut down online services.

Senate Majority Leader Harry Reid, D-Nev., is making moves to merge the competing bills. Reid is expected to summon key committee chairmen for a meeting shortly after the Independence Day recess to follow through on an agreement among senators earlier this month to work on comprehensive cybersecurity legislation, a Reid spokeswoman said.

"We are actively working with the committees on pulling that legislation together, building on their existing good work in this area," she said.

Key aides who spoke Tuesday at a conference in Washington hosted by Symantec said they see momentum growing for cybersecurity legislation.

"We're at a tipping point now," said Jacob Olcott, counsel for the Senate Commerce Committee. "This is something that is on the minds and lips of virtually everybody in the Senate."

He said there are "broad agreements" between the Commerce and the Homeland Security bills, but identified five areas that will be the subject of "high-level discussions" in the coming weeks.

One issue focuses on the role the federal government should play in preventing cybersecurity attacks against privately owned critical infrastructure, such as telecommunications systems and electrical grids, Olcott said.

Another involves the proper authorities the president should have during emergencies. Also, lawmakers must resolve the role different agencies should play in protecting electronic networks, said Olcott, mentioning the Homeland Security, Defense and Commerce departments; National Institute of Standards and Technology; and the White House in particular.

Other issues include how best to update the 2002 Federal Information Security Management Act, and improve the nation's cybersecurity workforce, Olcott said.