After months of negotiations, the Senate Thursday voted 84-11 to advance legislation that would establish new government regulations for the nation’s cyber network.
Recommended Stories
A bipartisan group of senators who drafted the Cybersecurity Act say new regulation is needed because experts contend it is only a matter of time before America is hit by a major cyber attack.
“How can we ignore their warning that we must act?” Sen. Susan Collins, R-Maine, a co-sponsor of the bill, said on the Senate floor. “That it is urgent and that we must have voluntary standards for critical infrastructure that if it were attacked, would result in mass casualties, mass evacuations, a severe blow to our economy or a serious degradation of our national security?”
But some senators are opposed to the bill because they believe it gives the government too much power over the nation’s privately run cyber networks, which make up the vast majority of nation’s online infrastructure.
The U.S. Chamber of Commerce wrote to senators Wednesday asking them to delay a vote on “a deeply flawed proposal.”
The bill would relegate responsibility for the nation’s cyber security to the Department of Homeland Security, which would implement regulations developed by a newly created National Cybersecurity Council.
Sen. John McCain, R-Ariz., said Thursday that he has no confidence that Homeland Security is prepared to oversee the nation’s cyber security.
“They can’t even screen airline passengers without constant controversy,” McCain said.
One of the chief arguments against the cybersecurity bill was that it required private industry to apply to its network solutions proposed by government. Collins, one of the sponsors of the bill, insisted that the current version of the bill would allow businesses to decide for themselves whether to implement the regulations developed by the Cybersecurity Council.
McCain disputed that claim during the floor debate Thursday.
Reading from page 23 of the bill, McCain said, “A federal agency with responsibility for regulating the security of critical infrastructure may adopt the cybersecurity practices as mandatory requirements.”
McCain, with the backing of other Republican senators, introduced an alternative bill that would leave it to private industry, rather than the government, to develop ways to improve cyber security. That bill includes liability protections for businesses that would be required to share information relating to serious cybersecurity threats to government agencies, including the National Security Agency and the Department of Defense.
Internet privacy advocates have criticized the McCain bill because of its reporting requirements.
The Cybersecurity Act advanced, in part, because Senate Majority Leader Harry Reid, D-Nev., agreed to allow lawmakers to offer amendments when the measure came up for a final vote.
McCain said he would offer his bill as an amendment.
Other amendments expected to be offered include a “sunset” provision that would kill the regulations after five years. Another would block Internet providers from scanning customer emails and other private information to search for cybersecurity threats.
