A week after President Obama unveiled an executive order aimed at protecting the country from cyberattacks, attention is turning to Congress, where Sen. Jay Rockefeller, D-W.Va., is taking the lead on crafting broad legislation to fight cybercrimes and combat threats to critical infrastructure such as power grids and water supplies.
Late last month, Rockefeller introduced a bill laying out areas of focus for proposed cyber-related legislation. Among the priorities it identifies: better training for America's cyberwarriors, protections against online identity theft and crime, and, most important, building out a system for public-private information sharing that isn't too controversial.
Rockefeller, chairman of the Senate Commerce Committee, has long championed of such a measure. He was one of four cosponsors last year on a Senate cybersecurity bill—the Cybersecurity Act of 2012—that ultimately was rejected by Republicans, business groups, and privacy advocates. Rockefeller was so frustrated by the legislative defeat that he began writing letters to Fortune 500 CEOs, asking them to describe their companies' state of cyberattack readiness.
Six other Democrats have already signed on to Rockefeller's cause this year: Thomas Carper and Christopher Coons of Delaware; Dianne Feinstein of California; Carl Levin of Michigan; Barbara Mikulski of Maryland; and Sheldon Whitehouse of Rhode Island. Of those, only Carper and Feinstein had had close involvement on the previous year's bill—a sign of how quickly cyber has expanded as a federal priority in just a matter of months. Levin chairs the powerful Senate Armed Services Committee. Together with Feinstein, who heads the Senate Intelligence Committee, expect Levin to play an outsized role in crafting the law. Coons told Politico this week that he expects to hold hearings on Obama's executive order before the end of March.
Sen. Joe Lieberman, ID-Conn., a lead player in last year's effort to pass a broad bill on cybersecurity, retired from his job last year. Another key player in the 2012 effort, Sen. Susan Collins, R-Maine, no longer sits on the Senate Homeland Security Committee.
The bill that Lieberman and Collins proposed last year was pilloried by civil-liberties watchdogs like the San Francisco-based Electronic Frontier Foundation, which argued its language was far too broad and opened the door to potential abuse of consumer information. Critics of the Lieberman-Collins legislation disliked provisions that put spy agencies in the lead on cybersecurity. Changes made to the bill in mid-July gave a greater role to civilian agencies, helping to ease some of those criticisms, but the bill still failed to clear the Senate.
Privacy and corporate-liability protections are likely to be among the most contentious issues this year, as they were in the fight over the 2012 legislation. In the House, Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking Democrat Dutch Ruppersberger of Maryland have introduced a cybersecurity bill that mirrors last year's House bill—a version that drew fire from the American Civil Liberties Union, Reporters Without Borders, and even Tim Berners-Lee, the Briton widely credited with inventing the Internet.
Lawmakers, White House officials, and outside groups believe they can overcome some of last year's obstacles. When asked what they’ve learned from the previous effort to push bipartisan legislation through Congress, administration officials said they are stepping up their efforts to reach out to businesses and other players. There is pressure on both sides to forge a deal, said Patrick Gallagher, director of the National Institute of Standards and Technology.
“Tension and debate in legislation,” Gallagher told a Washington think-tank audience Friday, “can actually create a strong headwind on ongoing activities. Even a technical-standards discussion suddenly gets distorted when the intent of that effort gets called into question in debates about legislation.”