recommended reading

Cybersecurity bill on life support

Alex Brandon/AP

Members of the Senate said they are open to reviving a cybersecurity bill that failed to advance on Thursday, but the political and policy spats that plagued the legislation for months won’t disappear any time soon.

As the Senate failed to break a filibuster of the bill, Senate Majority Leader Harry Reid, D-Nev., changed his vote in a procedural move that will allow him to bring the bill back to the floor at a later time. He has said that if both sides can agree on a “finite” number of relevant amendments, the bill could be brought back to the floor when Congress returns in September.

Members of both parties agreed it was an issue that calls for congressional action. “I think everyone knows not passing a bill is certainly not an option,” said Minority Leader Mitch McConnell, R-Ky. “This bill will be back because it must be back. So the vote today is not the end of the discussion but rather the beginning of the discussion.”

But moving from calling for action to actually acting has proved difficult for Congress.

None of the issues that brought the Senate to an impasse have been resolved. Republicans blamed Democrats for using national security as an excuse to not allow amendments. Democrats accused Republicans of hijacking the process by insisting on amendments aimed at repealing the health care law and banning certain abortions in the District of Columbia.

And neither side agrees on how much authority government should have to ensure companies are securing their networks from cyberattacks.

“It’s hard to be optimistic but I’m open to further discussion because the threat is so real,” the bill's lead sponsor, Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman, I-Conn., told reporters after the vote.

He acknowledged being disappointed and angry over how the debate disintegrated. Lieberman’s bill had been stalled for months while sponsors worked out compromise language to win support from industry and Republicans. When those changes were made, however, the bill’s most vocal critics didn’t budge.

“Once again members of Congress have failed to come together to deal with a serious national problem,” he said. “It’s hard to see today as anything but a failure for the Senate and a setback for our national security.”

Lieberman said that in order for a bill to pass, Republicans and other critics like the U.S. Chamber of Commerce need to be willing to compromise with the White House and others who say government should have some role in making sure critical infrastructure networks like electric grids and water supplies are protected.

For their part, Republicans said that Reid has “steamrolled” the bill by not holding hearings and then filing cloture before an agreement on amendments could be reached.

“We needed the time to put the amendments forward,” said Senate Commerce ranking member Kay Bailey Hutchison, R-Texas. She said she hopes that in the fall the Senate can come together on a bill that would combine pieces of the Cybersecurity Act with a Republican bill that lacks any government role in critical infrastructure, and bipartisan compromise language that envisions more voluntary measures.

Outside observers said that the ongoing threat from cyberattacks means cybersecurity legislation will inevitably return. “Regardless of today’s vote, the issue of cybersecurity is far from dead,” said Michelle Richardson, a legislative counsel for the American Civil Liberties Union, which has lobbied to boost privacy protections in cybersecurity bills. Objections from civil-liberties groups make it unlikely that the Senate or the White House will agree to a bill passed by the House that encourages businesses and government to share cyberthreat information with each other.

The Center for Strategic and International Studies’ James Lewis, meanwhile, says he sees "very little prospect" that anything significant will be accomplished before next year.

While the extent of the threat from cyberattacks remains disputed, national-security officials have pressured Congress to act and lawmakers don’t appear ready to stop talking about the issue.

“Maybe this is a time to cool our jets, but this is not a time to turn them off,” Cybersecurity Act cosponsor Sen. Tom Carper, D-Del., told reporters. “Did we lose an opportunity? You bet we have. But we’ll do a better job legislating not on the heels of a cyberattack.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.