When Republicans in the Senate blocked passage of a comprehensive cybersecurity bill earlier this month, they claimed that its requirements on businesses to report attacks by hackers and foreign governments and adopt minimum security standards would hinder business innovation. Those objections were not only unwarranted, they were also misleading.
The legislation, sponsored by Connecticut’s independent Senator Joseph Lieberman and Maine Republican Susan Collins, had two primary objectives. The first would have instituted a no-fault reporting requirement on companies in the event of a cyber-attack; this would finally provide data on the magnitude of threats from pranksters, criminal enterprises, and enemy governments. In addition, as originally written, companies would have been required to establish security protections to defend themselves from attacks. Since most of the nation’s water systems, electric utilities, and critical infrastructure reside in private-sector hands, minimum standards are warranted.
In the wake of a relentless campaign by the US Chamber of Commerce, final passage of the cybersecurity bill has been delayed indefinitely. Unlike leading Internet firms, who cooperated with the authors of the bill, the chamber had no desire to find middle ground. Under the ruse of “overregulation,” it found an audience in Republicans on Capitol Hill who were willing to sacrifice national security in hopes of redoing the bill if they gain in November’s elections .
By the end, proponents of the legislation were even willing to leave the matter of establishing security systems to the industry itself; businesses that participated in the voluntary effort would be immune from liability should an attack occur. Despite broad support in the national security community, business interests persisted in an ideological objection despite the real threats America faces.
Regulation aside, the greater impact of the legislation had to do with defining the roles of federal agencies in ensuring that vital networks are protected. Through the legislation, Congress and the Obama administration sought to establish clear lines of responsibility and budgetary authority across the government. That important part of the legislation was lost, too — though who knows if any of the bill’s detractors bothered to read it before sacrificing such important provisions for the sake of an ideological battle.