WASHINGTON – Earlier this year, top national security officials held a classified briefing in the Capitol for about half of the U.S. Senate, warning that the country’s critical infrastructure was highly vulnerable to a major cyberattack and urging Congress to move swiftly to require new safeguards.
Gen. Keith Alexander, head of the National Security Agency, and Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, were among those who pressed for a White House-backed cybersecurity bill to regulate privately owned critical infrastructure, such as electric utilities, chemical plants and water systems.
If the senators didn’t act, they argued, it would make it harder for them to stop hackers, criminals and nation states from wreaking unimaginable havoc, such as knocking out sections of New York City’s electrical grid for days during a summer heat wave.
But the U.S. Chamber of Commerce and other business groups strenuously opposed the measure, condemning it as excessive government interference in the free market and arguing that cumbersome federal regulations could hamper companies trying to defend against cyber intrusions.
Democrats overwhelmingly supported the legislation, but for Republicans, it meant a stark choice between competing constituencies: national security officials and business leaders. Even after the bill’s backers made the standards voluntary, the Chamber of Commerce, which spends more on lobbying than any other trade group, opposed it.
On Thursday, the Senate cybersecurity bill failed to overcome a Republican-led filibuster. Analysts say the bill couldn’t breach a wall of anti-regulatory sentiment that proved resistant to the dire warnings.
The measure fell short of the 60-vote threshold needed to end debate, 52-46, with 40 Republicans joined by six Democrats voting in support of the filibuster.
“Rarely have I been so disappointed in the Senate’s failure to come to grips with a threat to our country,” said Sen. Susan Collins, the ranking Republican on the homeland security committee and one of the bill’s chief sponsors, who had tried in vain to sway her GOP colleagues. Just four sided with her.
Barring an unexpected compromise, the defeat makes it unlikely that Congress will pass a cybersecurity bill this year. In April, the GOP-controlled House passed a bill that calls for companies and the government to share information about cyberattacks, but imposes no security standards. The White House opposes that bill over concerns about privacy issues.
The Senate bill included information-sharing provisions that had been negotiated with civil liberties groups. Intelligence officials said it would have improved detection of the near-daily barrage of cyber intrusions.
“The same forces that have kept Capitol Hill in gridlock on many important issues have also blocked effective cybersecurity legislation,” James Lewis, an expert at the Center for Strategic and International Studies in Washington, wrote in an online commentary.
The Senate bill – whose chief sponsors were the leaders of the homeland security committee, Collins and Joseph Lieberman, I-Conn. – initially called for mandatory minimum security standards to shore up computer networks. Those standards, which were to be crafted in close concert with industry representatives, were intended to force companies that own life-sustaining equipment to install new protections. Some have been reluctant to spend money to improve security against what they see as a speculative threat.
But the Chamber of Commerce strongly opposed mandatory standards. In recent weeks some Senate Republicans, including John McCain, R-Ariz., made it clear they would seek to block the bill.
To save it, proponents scaled it back. The version that came up for a vote called for a system of voluntary security standards, offering immunity from lawsuits to companies that participated.
Those changes weren’t enough to mollify the Chamber and its Republican allies.
“The Chamber believes (the bill) could actually impede U.S. cyber security by shifting businesses’ resources away from implementing robust and effective security measures and toward meeting government mandates,” wrote Bruce Josten, the chamber’s chief lobbyist, in a letter to senators Tuesday.
The opposition frustrated the nation’s top intelligence officials, who have been warning for years that cyberattacks – the most destructive of which could tamper with nuclear, chemical, water and electric plants – pose an increasing threat to national security.
“It’s incomprehensible why they are opposing it,” said John Brennan, the White House counterterrorism adviser. “It’s not grounded in facts nor in national security concerns.”