Senate Revisits Cybersecurity Measure
Seizing on recent international cyberattacks and a dire warning from Defense Secretary Leon Panetta, Senate Democratic leaders hope to pressure opponents back into talks on cybersecurity legislation.
“I appeal to our colleagues in the Senate and outside groups such as the U.S. Chamber of Commerce, who have opposed cybersecurity legislation, to come to the negotiating table in the spirit of compromise so that together we can act to protect our country from cyber-attack before it is too late,” Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman (I-Conn.) said Monday in an emailed statement.
Citing “the imminent threat of cyber-attack and the daily intrusions into public and private networks that increasingly threaten our way of life,” Lieberman said, “the need to establish minimum security standards to protect our most important cyber-systems cannot be overstated.”
Lieberman’s comments come after Senate Majority Leader Harry Reid (D-Nev.) called for passage after the elections of a cybersecurity measure that was derailed in the Senate in August, referencing a speech Panetta delivered last week. Reid, who issued his statement over the weekend, blamed Republicans for blocking the bill. Of the 46 Senators opposing the measure, six were Democrats, including Reid, who voted against the bill to be able to bring it up again under Senate rules.
A Senate Democratic aide said that it was far from certain that the renewed effort will yield the desired result, but supporters welcomed the opportunity.
“We already had a bill; we already made lots of changes to it to accommodate Republicans,” the aide said. “Now we have new evidence … showing how serious this is. Our hope is that it puts them in a more accommodating mind, but we’ll see.”
A senior Senate GOP aide blamed Reid and Democrats for not allowing Republicans to offer amendments to the bill, which they argue has been a strategy by Reid to protect vulnerable Democrats from having to take tough votes.
“Republicans are hopeful that, on the second time around, Sen. Reid would fulfill his commitment to have an open and transparent process so this important issue could be fully and fairly vetted,” the GOP aide said. “Republicans have waited this whole session to consider and debate the National Defense Authorization Act — any appropriations bill, but especially the Defense appropriations act and legislation to improve our cybersecurity and information sharing. From his actions, though, it appears that Sen. Reid has never wanted open debate on any of these bills.”
With Congress at loggerheads over the issue, the White House is weighing whether to issue an executive order. Several Democrats have encouraged the White House to explore the matter, while Republicans have urged the administration to back off.
The bill championed by Lieberman and Homeland Security and Government Reform ranking member Susan Collins (R-Maine) was derailed in August when it did not win enough votes to cut off debate. The bill was the product of intense negotiations, and the result was a bill that asked companies to voluntarily comply instead of requiring them to take several security precautions.
The measure’s fiercest critic is the U.S. Chamber of Commerce, which is wary of new regulations that could hurt businesses, and the group remains opposed to the bill, according to a spokesman.
“There are several elements that our members disagree with, but we are committed to finding a solution,” the spokesman said.
In the first half of 2012, the chamber reported nearly $43 million in lobbying expenditures, but that figure includes money spent on advocacy and voter education in Washington, D.C., and around the country.
Republicans, including Sen. John McCain (Ariz.), have also been critical of the proposal. McCain has crafted his own cybersecurity bill.
Reid’s statement was spurred by a speech last week delivered by Panetta to the nonpartisan organization Business Executives for National Security. Panetta detailed recent devastating cyberattacks on businesses in the Middle East. Intelligence officials believe those attacks were perpetrated by Iran.
“In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called ‘Distributed Denial-of-Service’ attacks,” Panetta said. “These attacks delayed or disrupted services on customer websites. While this kind of tactic isn’t new, the scale and speed was unprecedented.”
“But even more alarming is an attack that happened two months ago, when a sophisticated virus called Shamoon infected computers at the Saudi Arabian state oil company, Aramco,” Panetta continued. “Shamoon included a routine called a ‘wiper,’ coded to self-execute. This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional garbage data that overwrote all the real data on the machine.”
The attack rendered useless more than 30,000 computers, which had to be replaced, according to Panetta, who added that a similar attack on a “major energy company in the region” was launched a shortly after.
“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date. Imagine the impact an attack like this would have on your company,” Panetta said.
Janie Lorber contributed to this report.