CQ

CQ TODAY ONLINE NEWS – HOMELAND SECURITY
Nov. 8, 2012 – 7:18 a.m.

Cybersecurity Bill Prospects Remain Slim, With or Without Executive Order

By Tim Starks, CQ Staff

President Obama’s re-election means he is likely to soon issue an executive order on cybersecurity, something a President Romney probably would not have done — and that executive order could impact the prospects of Congress enacting legislation to defend the nation’s computer networks.

Senate Majority Leader Harry Reid, D-Nev., last month said he would bring up a stymied cybersecurity bill (S 3414) during the lame-duck session. A Senate Democratic aide said that Reid still intends to do so.

“Sen. Reid is committed to addressing cybersecurity and plans to bring the Cybersecurity Act of 2012 back to the floor when Congress returns,” the aide said. “Republicans who claim to understand the urgency of cyberthreats will have one more chance to act, and work with Democrats to pass this.”

In the meantime, though, the executive order — expected to mimic some of the stymied bill’s private sector voluntary standards and threat information sharing initiatives — could drop. And it’s not clear whether that order could nudge Congress to act.

“No one’s really sure if the executive order is going to make it harder or easier to do a bill,” said another Senate aide, who added that there are signs the order could come down during the lame-duck session.

Paul Rosenzweig, a security consultant and Heritage Foundation visiting fellow, said the order is unlikely to sway Republicans, although it’s the biggest factor for what might happen in a lame-duck session.

“The major dynamic-changer will be the executive order,” he said. “The president has threatened to bring out the executive order blunderbuss and fire it at them but I don’t think they’ll flinch.”

Senate Homeland Security and Governmental Affairs Chairman Joseph I. Lieberman, I-Conn., chief sponsor of the stymied bill, has said he hopes the order would be unpalatable enough to Republicans — because it would enforce stricter standards on the most at-risk companies than his legislation — that it would in turn prompt the GOP to seek a legislative compromise.

But the contents of the order could also undo some of the bill’s momentum, if it hews too closely to the legislation and makes passing a bill seem less necessary, Rosenzweig said.

When the Senate voted 52-46 on a motion to end debate on the bill in August, it fell short of the 60 votes needed to end a filibuster.

It is not clear if some of the six Democrats who voted against the motion could be swayed to support it a second time. Jon Tester, for instance, was in the midst of a close reelection campaign in Montana, and is now free of those pressures. Reid himself was one of the six who voted “no,” for procedural reasons.

But even if all of those Democrats switch votes, some additional Republicans would have to be enlisted to overcome the 60-vote threshold, making it an uphill climb unless an executive order spooks the GOP.

Many Republicans favor a more stripped-down bill like the one the House passed (HR 3523) that would only address how to improve threat information sharing between the federal government and industry. One group of Senate Republicans has introduced alternative legislation (S 3342) that also focuses primarily on information sharing.

Cybersecurity Bill Prospects Remain Slim, With or Without Executive Order

“The House passed an information-sharing bill with strong protections for privacy and civil liberties by an overwhelming bipartisan vote, and both Senate cyberbills have information sharing titles with very similar structures to the House bill that I believe we can reconcile if we put our minds to it,” said House Intelligence Chairman Mike Rogers, the Michigan Republican who is the chief sponsor of the information sharing bill. “American companies are under attack — they need our help, and they need it now. We don’t have a consensus in either the House or the Senate on broader issues like critical infrastructure regulation.”

But so far, Democrats have shown no signs of budging off the necessity that a cybersecurity bill address private sector security standards for the most vital digital infrastructure. They contend that they have compromised enough by making the Senate bill’s standards voluntary rather than mandatory, and that Republicans need to move toward their position.

If Congress doesn’t enact any cybersecurity legislation in the lame-duck session, the Senate picture becomes slightly more favorable for a reintroduced bill similar to the one that is currently tied up.

The Democratic gains in the Senate, combined with a broad influx of new members, could play to the advantage of the bill sponsors, said one Senate aide, noting that some of the new senators are less likely to be as dug into opposition as those who have already wrestled with the subject. On the other hand, one of the Democrats’ gains in the election was the seat held by Scott P. Brown, R-Mass., and he had voted in favor of moving forward with the Senate bill.

The aide also said that the longer Congress goes without acting, the more senators will become aware of the growing threat.

Another change in the Senate dynamic next year would be a shift in who would be pressing for passage. Lieberman is retiring, leaving the workload to fellow bill sponsors John D. Rockefeller IV, D-W. Va., Susan Collins, R-Maine, Dianne Feinstein, D-Calif. and Thomas R. Carper, D-Del.

Carper is expected to replace Lieberman atop the Homeland Security and Governmental Affairs Committee, and while Lieberman has campaigned tirelessly for the bill, Carper’s staff has already indicated that cybersecurity legislation would be one of his top priorities if a bill doesn’t pass in the lame duck.

Rosenzweig, however, said the overall dynamic for the Senate cybersecurity legislation next year will not change significantly, since neither party is likely to change its views on regulation of critical infrastructure.

© Congressional Quarterly, Inc. All Rights Reserved.
77 K Street N.E. | Washington, D.C. 20002-4681 | 202-650-6500
  • About CQ-Roll Call Group
  • Privacy Policy
  • Masthead
  • Terms & Conditions
Back to the Top