This article was published on April 29, 2013

With CISPA dead, a look ahead to the Senate’s coming work on cybersecurity


With CISPA dead, a look ahead to the Senate’s coming work on cybersecurity

We’re back to where we were, amazingly. In 2012, we watched CISPA pass in the House, insufficiently amended to protect the privacy of the average citizen. The President threatened to veto the bill. The Senate worked on its own law, all but ignoring what the House had produced.

And in 2013, the same tune is being hummed. CISPA has passed the House, again. The President threatened to veto the bill, again. And the Senate is, again, ignoring CISPA in favor of working on its own bill. Progress! I’m kidding. And frankly, if you were not impressed with the Senate’s efforts last year, I doubt that what we are going to see in 2013 will hearten you.

Let’s retread. Then retiring Senator Lieberman called the issue key, and threw his final days in office into working on it. Despite that, and massive pressure from both the media and Executive branch, the Senate failed to pass a bill. To recap: The House produced a bill that could not pass, and the Senate didn’t even get that far.

The issue slid into the hands of the next Congress, our current set of elected officials. The amendment process failed to create a bill that garnered 60 votes. From right before it failed:

After pressure from Sen. McCain and others, the bill’s security mandates for critical infrastructure were stripped. However, even with that, compromise fell short. Over 200 amendments were filed change to the bill. That prompted Senator Lieberman to actually publicly castigate his peers for being off topic.

Its final failure:

[T]oday’s vote on the leading cybersecurity bill in the US Senate failed 52-46. While the measure did garner a simple majority, it did not hit the 60 vote threshold required to break a fillibuster. Thus, given the current operational paradigm of the Senate, it failed.

What happened? A short look backwards will explain what we’re likely to see over the next few months.

Mandatory Standards

If you had to explain why the Senate failed to pass a bill, the short answer is this: mandatory security standards for critical infrastructure. The Senate majority wanted them, whilst the other American political party did not.

In short, to many, the addition of any new regulation on business is unacceptable. This led to horsetrading around creating incentives to promote the meeting of cyber standards by critical infrastructure elements, but not out-and-out mandates. That wasn’t enough. It appears unlikely that the climate has changed in the Senate.

Given that, the key philosophical difference, no clear path exists for cybersecurity to advance in the Senate. Unless compromise can find legs that it lacked last year, progress will be a combination of halting and grinding. And that is if we see any progress at all.

Either mandatory standards are stripped from any Senate bill, or it may stand no chance of passage. Still, the President favored the standards before, so he will likely press for them again. This puts Senate Democrats in a hard place; is it better to pass something, even if it is only a fraction of their vision?

CISPA is behind us. The President’s cybersecurity executive order is behind us. It’s time for the Senate to stand up and lead.

Top Image Credit: Andrew Malone 

Get the TNW newsletter

Get the most important tech news in your inbox each week.