In a 52-46 vote, the Senate shut down the Cybersecurity Act of 2012, essentially blocking any chance at cybersecurity legislation passing this year, and maybe for years to come. The bill failed to gain the 60 votes needed to move the bill past cloture and go up for a full vote.
The unsurprising defeat of the Cybersecurity Act of 2012 (CSA2012), proposed by Sens. Joe Lieberman (I-CT) and Susan Collins (R-ME) is seen as a blow to President Obama, who expressed strong support for cybersecurity legislation that would have bolstered protections for critical infrastructure networks, like water supply systems and electrical grids, from attacks by rogue hackers and foreign nation states.
“This is one of those days when I fear for our country and I’m not proud of the United States Senate,” said Lieberman following the Senate vote. “We’ve got a crisis, and it’s one that we all acknowledge. It’s not just that there’s a theoretical or speculative threat of cyber attack against our country — it’s real.”
Despite strong support from Democrats and the White House, CSA2012 faced opposition from both business groups and privacy advocates, though their reasons for dissent differed. The U.S. Chamber of Commerce said the bill would have imposed debilitating pressures on businesses to establish cybersecurity measures. In contrast, civil liberty groups like Fight for the Future and the Electronic Frontier Foundation said the bill would have allowed businesses to spy on Web users, and expose that information to the U.S. government.
But not all civil liberty advocates saw Lieberman’s bill as a bad choice for Web users. In a statement following the blockage of CSA2012, the American Civil Liberties Union lamented the early death of the “improved cybersecurity bill,” which included protections against the passage of private information to military agencies, like the National Security Agency. The ACLU urged Members of Congress to make sure any future cybersecurity legislation includes similar users protections.
“Regardless of today’s vote, the issue of cybersecurity is far from dead,” said Michelle Richardson, ACLU legislative counsel. “When Congress inevitably picks up this issue again, the privacy amendments in this bill should remain the vanguard for any future bills. We’ll continue to work with Congress to make sure that the government’s cybersecurity efforts include privacy protections. Cybersecurity and our online privacy should not be a zero sum game.”
The blockage of CSA2012 does not necessarily mean the end of government-imposed security measures — something Republicans in both houses of Congress strongly oppose. Jim Lewis, director of technology and public policy at the Center for Strategic and International Studies, explained to The Hill on Thursday that President Obama could still order government agencies to establish certain cybersecurity standards.
“The executive order option has been off the table because people were waiting to see what would happen with legislation,” Lewis said. “But the president could direct agencies to use their existing authorities to require cybersecurity standards. He could do that right now.”
Updated with statement from the ACLU; updated with statement from Lieberman