Despite efforts by a group of senators to include concessions in a cybersecurity bill designed to protect critical infrastructure - including the electric grid - the legislation was blocked from consideration Thursday by Senate Republicans by a vote of 52-46.
Sens. Joseph Lieberman, I-Conn.; Susan Collins, R-Maine; Jay Rockefeller, D-W.Va.; and Diane Feinstein, D-Calif., reintroduced the Cybersecurity Act of 2012 (S.B. 3414) last month.
According to Lieberman, ideas from different senators - including Sen. John McCain, R-Ariz., who introduced the SECURE IT cybersecurity bill in late June - were incorporated into the latest version of the bill.
The bill would have done the following:
- Create a National Cybersecurity Council, made up of several agencies and chaired by the secretary of homeland security to lead cybersecurity efforts, including assessing the risks and vulnerabilities of critical infrastructure systems.
- Permit private industry groups to create and recommend voluntary cybersecurity standards to reduce identified risks. These standards would then be reviewed and approved by the council.
- Allow critical infrastructure owners to participate in a voluntary cybersecurity program. Owners would be able to demonstrate through self-certification or a third party that they are meeting voluntary standards.
- Allow current industry regulators to continue to oversee industry sectors.
- Allow information-sharing between the federal government and the private sector in order to share threats, incidents, best practices and solutions.
- Require designated critical infrastructure to report significant cyber incidents.
- Require improvement of security of federal civilian cyber networks through the reform of the Federal Information Security Management Act.
The Obama administration supported the legislation and called the move a "profound disappointment."
"Today, despite the strong leadership of Sens. Reid, Lieberman, Collins, Rockefeller and Feinstein, an overwhelming majority of Senate Republicans blocked consideration of the Cybersecurity Act of 2012, the only comprehensive piece of cybersecurity legislation that would have begun to address vulnerabilities in the nation’s critical infrastructure systems," according to a statement released by the White House Office of the Press Secretary.
