WASHINGTON — Despite warnings from intelligence officials that the U.S. is ill-prepared to stop a growing wave of cyber attacks against its critical national infrastructure, the Senate on Thursday failed to pass a watered-down bill that would have set voluntary standards to harden the network defenses of electric utilities, chemical plants and other privately-owned facilities.
Most Republicans and a few Democrats voted to block the measure even after its sponsors agreed to scale back its regulatory mandates. The U.S. Chamber of Commerce and other business groups continued to oppose it, and the legislation failed to reach the 60-vote threshold needed to end debate in a mostly party line vote. Fifty-two senators voted to end debate, and 46 voted against it.
“Rarely have I been so disappointed in the Senate’s failure to come to grips with a threat to our country,” said Sen. Susan Collins, R-Maine, the ranking member on the homeland security committee and one of the bill’s chief sponsors.
Barring an unexpected compromise, the defeat makes it less likely that Congress will pass a cyber security bill this year. In April, the GOP-controlled House passed a bill the White House opposes that calls for information sharing about cyber attacks between companies and the government, but no security standards. The Senate bill also included information-sharing provisions, which intelligence officials say would have allowed them to better detect incoming cyber attacks.
Analysts say the Senate measure ran into a wall of anti-regulatory sentiment among Republicans that has proved resistant even to dire warnings from top security officials that the nation’s critical infrastructure is woefully under-defended against the cyber threat. The voluntary standards were condemned by Republicans as too much government interference in the free market.
“No sane person has ever said that the private sector can carry the burden of national security,” said James Lewis of the Center for Strategic and International Studies, who frequently advises the government on cyber issues. “The fate of the cyber security bills is a part of a larger and damaging political debate on the role of government.”
The Senate bill — whose earliest sponsors were the leaders of the homeland security committee, Joseph Lieberman, I-Conn., and Collins — initially called for mandatory minimum security standards to shore up computer networks to be crafted in close concert with industry representatives. Those standards were designed to spur private companies that own life-sustaining equipment, including electric utilities and water systems, to improve security. Many have not been prepared to do that, arguing that the threats are speculative.
But the Chamber of Commerce, a major lobbying force in Washington, strongly opposed mandatory standards. In recent weeks, a group of Senate Republicans, including John McCain, R-Ariz., made it clear they would block the bill. In an effort to save it, proponents scaled it back. The version that came up for a vote called for a system of voluntary security standards and offered from lawsuits to companies that participate.
Those changes weren’t enough to mollify the chamber and its Republican allies.
“The Chamber believes (the bill) could actually impede U.S. cyber security by shifting businesses’ resources away from implementing robust and effective security measures and toward meeting government mandates,” wrote Bruce Josten, the Chamber’s chief lobbyist, in a letter to senators Tuesday.
“It’s incomprehensible why they are opposing it,” John Brennan, the White House counterterrorism adviser, told reporters Wednesday. “It’s not grounded in facts nor in national security concerns.”
©2012 Tribune Co.