Industry expects to see compromise Senate cybersecurity framework soon

Industry groups are expecting to see the latest version of the cybersecurity compromise framework from Sens. Jon Kyl (R-Ariz.) and Sheldon Whitehouse (D-R.I.) in the coming days.

A staff prepared draft of the framework released last month received poor reviews by some business groups, including the U.S. Chamber of Commerce and Information Technology Industry Council, which saw it as too regulatory. The compromise’s chances of breaking the stalemate on cybersecurity legislation in the upper chamber could be put in jeopardy if the updated version receives another round of criticism from powerful industry groups.

{mosads}The framework aims to find a middle ground on a contentious measure in Sen. Joe Lieberman’s (I-Conn.) cybersecurity bill that would require companies that operate critical infrastructure to meet a set of security standards developed in part by the Homeland Security Department.  A group of Senate Republicans and the Chamber have argued that this measure would redirect the private sector’s focus from improving the security of its networks and systems to complying with new security rules.

“Everyone is anticipating the emergence of some type of a bipartisan compromise to break the current stalemate,” said Jessica Herrera-Flanigan, a partner at lobbying firm Monument Policy Group. “As such, every potential proposal is being looked at closely.”

The updated version of the framework does not include legislative language and is expected to be shared with the Chamber early next week, according to a Senate staffer.

In the meantime, Kyl and Whitehouse’s offices have been keeping the proposal closely under wraps. Spokesmen for Whitehouse and Kyl did not respond to requests for comment about the framework.

The White House has also made it clear that it wants security standards for critical infrastructure to be a part of any cybersecurity legislation that comes out of Congress.

This spring the White House issued a veto threat against a House cybersecurity bill, the Cyber Intelligence Sharing and Protection Act, that lacked critical infrastructure provisions and focused on improving information sharing about cyberthreats instead. Keith Alexander, the head of U.S. Cyber Command, and Homeland Security Secretary Janet Napolitano have also argued that critical infrastructure operators should be required to meet some sort of security standards when testifying on the Hill this year.

The Senate has been gridlocked on this question of how to better protect critical infrastructure since Lieberman’s bill was introduced in February.  A group of Senate Republicans led by Sen. John McCain (R-Ariz.) are sponsoring a rival cybersecurity measure that does not include security mandates for critical infrastructure operators and focuses on improving information sharing about cyberthreats between government and industry instead.  

Lieberman has said he expects Senate Majority Leader Harry Reid (D-Nev.) to take up his bill after the July recess. Reid has not given a timeframe on when the cybersecurity bill will see floor action but said he wants to tackle the issue this year.