After the election was over, if you listened closely enough, you heard a few senators say they wanted to take another stab at the cybersecurity bill that failed earlier this year. Majority Leader Harry Reid, in fact, said that he wanted to make it his priority during this lame-duck period. It would have been a proper send-off to one of the bill’s primary proponents, Senator Joe Leiberman, who is retiring.
As Congress reconvened, cybersecurity did come front and center on the Senate floor, and a majority vote said let’s end debate and put the Cybersecurity Act to a vote. But in this unusual political world we are living in, 51 votes is no longer a majority. Instead, 60 votes were needed to move it forward or risk filibuster. The Cybersecurity Act, again, was stalled. Who knows what will happen with cybersecurity with the new Congress.
The Cybersecurity Act isn’t perfect, and, like many pieces of legislation, its strengths were sapped in order to appease the opponents who voted against it anyway. But as I sit here and watch the news stories of our largest financial institutions being hacked (easily) by DDoS attacks and the escalating warnings about the risks to the nation’s critical infrastructure, I find it disheartening that it is a topic that continues to be thrown under the rug or ignored.
I’m not the only one. Quoted by the Chicago Tribune, Senator Susan Collins said that she couldn’t think of another issue she has dealt with where the vulnerabilities are so great while very little has been done to address the situation. Or, as Stuart McClure, CEO/founder and president of Cylance, told me:
By not passing the cybersecurity bill, our government is failing to protect the American public in cyberspace, especially with increasing threats on our nation’s critical infrastructure. Information sharing represents a fundamental step in ensuring that threats are adequately addressed, but even a basic bill couldn’t get passed to create regulations around information sharing practices. Because of this, if someone from the NSA learns during a classified exercise that a company has been compromised, they cannot disclose the classified data even if it’s in the public’s best interest. This and many other instances showcase the need for legislation to ensure cyber protection, and information sharing is only the first step.
It looks like cybersecurity will be back to square one in 2013, but there are already a number of people lobbying for it to be the number one priority for the new Congress, as Computerworld pointed out:
"It is disappointing that senators haven't yet been able to reach an agreement on cybersecurity legislation -- but stalemate doesn't make the issue go away," BSA President and CEO Robert Holleyman said in a statement. "There is no getting around the fact that we need to bolster America's cybersecurity capabilities. We urge both parties to put this issue at the top of the agenda in the next Congress."
Until then, it looks like an executive order from the president is likely to be enacted as a way to better protect the critical infrastructure.