In a rush order move that the bill’s principal author, Sen. Joseph Lieberman (I – Conn.) called “not rushing,” the Senate majority leader will bring to the floor a critical, completely revised cybersecurity bill for a full vote. The move would skip any markup and debate sessions in such committees as the Homeland Security Committee which Sen. Lieberman chairs, and whose ranking Republican – Sen. Susan Collins (R – Maine) – is a co-sponsor. This news was first reported early this morning by The Hill‘s Brendon Sasso.
A draft of the mostly revised Cybersecurity Act of 2012 was released late Tuesday. The new language now omits the most controversial element of the 2011 bill – one which would have granted government authorities oversight rights over any data center housing government data, in the event of a national cybersecurity emergency.
In place of that language are terms which may be considered much friendlier to the private industries upon which more and more government agencies rely. Drastic cost-cutting measures in order to meet lower deficit spending targets have compelled agencies to expedite their transition to cloud-based architectures that pool compute, storage, and network power along with private providers.
Cloud Seizure Averted
The fear had been that government data housed on private systems would become more susceptible to attacks. The 2011 bill would have designated an authority to take control in the event of a cyber-emergency – control that would have placed private systems temporarily under government administrative authority. Remedial measures would have then been determined by that authority.
But as many industry experts have argued and even testified since this whole debate began, private industry may have a far deeper and more viable plan for how to respond in a cyber-emergency, than government may ever hope to duplicate.
The 2012 bill’s language instead does not designate what happens in a cyber-emergency – at least, not at this time. Instead, it would launch a process for assembling a public/private sector partnership, under the direction of the Secretary of Homeland Security, for consultation and formulation of more realistic measures for securing critical infrastructure.
The new bill now relies on existing law – specifically, the Patriot Act – to define what “critical infrastructure” means. That may be a concession to skeptics who perceived the 2011 bill as extending the blanket of government control to any device that has a government-owned bit stored on it. However, the 2012 bill’s language continues to define a “cyber risk” as something that poses a risk. That language may not have an opportunity to be refined before the bill comes to the Senate floor for a vote.
Not Another PIPA
According to The Hill‘s reporting, the rush order was made by Majority Leader Harry Reid (D – Nev.), in a move which may be interpreted as an overt attempt to avoid “another PIPA” – a repeat of the fate of the SOPA/PIPA bills. Extended markup sessions and subcommittee debates gave public advocacy groups ample time to mount one of the most effective opposition campaigns in U.S. history.
After those bills’ monumental defeat, legislators appear to perceive the public as willing to actively campaign against any legislation whatsoever that would strengthen government oversight of the Internet – even if that oversight is in the public interest, or a matter of national security.
In a statement issued Tuesday, Sen. Lieberman said his new cybersecurity bill should not be confused with SOPA/PIPA in any way – one is about piracy, and the other about national security. (In other words, please put down the protest signs.) But the omission of the cybersecurity authority provision, and striking the entire section creating what would have been a federal cybersecurity administrator reporting directly to the President, were done “to move the legislative process forward,” Lieberman’s office said.
That excuse wasn’t good enough for the ranking Republican members of five committees, who are not buying Lieberman’s argument that the remaining language was composited from bills that have already passed committee markup in recent years. Those senators, who included John McCain (R – Ariz.) and Kay Bailey Hutchison (R – Tex.), were among seven who signed a letter to Sen. Reid on Tuesday insisting on committee debates. The letter argued that, while Reid established bipartisan working groups to discuss cybersecurity legislation perhaps to meet some artificial quota for bipartisanship, schedulers made certain those groups never actually met.
“While some committees have held hearing and executive business meetings on other cyber-related bills within their jurisdiction,” the letter reads, “the relevant committees have not had the opportunity to weigh in on this measure even though it cuts across committee jurisdictions. We call upon our Senate Leadership to allow the committees of jurisdiction to convene hearings and conduct executive business meetings on this new bill so that Senators can be properly educated on this complicated measure and the committees of jurisdiction can provide their necessary perspective before any measure is brought to the Senate floor for consideration.”
Although Sen. Lieberman is officially an independent, he was formerly a Democrat and continues to caucus with Senate Democrats. His chairmanship of the Homeland Security Committee was worked out through a deal with the Democratic leadership. However, Lieberman and Sen. McCain have previously been partners in homeland security-related legislation.