Cybersecurity bill fails to pass in U.S. Senate

The U.S. Senate has failed to pass legislation to protect the country's electrical grid, water supplies and other criticalinfrastructure from cyberattack and electronic espionage.

The bill fell short Thursday of the votes needed to move the Cybersecurity Act of 2012 forward before Congress takes a month-long break.

The measure would have established a voluntary cybersecurity program for the owners and operators of essential infrastructure and would have allowed federal agencies and businesses to share informationabout cyberthreats or malicious software that can destroy computer networks.

U.S. President Barack Obama and top national security officials have warned about the potential for devastating assaults onU.S. computer networks and urged Congress to pass the legislation as soon as possible.

But Republicans argued the bill would have led to mandatory regulations imposed by Washington that would only increase the private sector's costs without substantially reducing the risks.

Bill amended to appease Republican critics

Senate majority leader Harry Reid, a Democrat from Nevada, said Wednesday that major changes had been made to the legislation to accommodate Republican concerns, and he accused the GOP of playing politics with a pressing national security issue.

Instead of a thoughtful debate on the risks of cyberattacks, Reid said, Republican senators have sought to offer unrelated amendments to the bill, including one to repeal Obama's health care law.

"I thought they were going to be serious about this," Reid said. "But they're not."

The most significant revision made to the legislation was the removal of a regulatory section, opposed by Republicans, that would have required companies operating critical infrastructure to meet basic cybersecurity standards established by the Homeland Security Department.

The new version of the bill offered incentives, such as liability protection and technical assistance, to businesses that voluntarily participated in a government-managed cybersecurity program. Industry associations and groups would be involved in developing the standards needed to blunt the risks of cyberattacks, according to the revised legislation.

But the U.S. Chamber of Commerce, which has been an influential voice during the debate, said the voluntary program was nothing more than a "springboard" to federal regulations that would take time and money away from efforts businesses already have under way to protect their networks. Once a "government-driven `voluntary' standards system is enacted," the Chamber said on its FreeEnterprise blog, "it's only a short hop to a mandatory one because the administration has the intent and regulatory leverage."

Legislation recommended by security advisers

The failure to approve the Cybersecurity Act amounted to a rejection of the advice from senior national security officials, including Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, who have been calling for Congress to enact comprehensive legislation to deal with cyberthreats.

"The uncomfortable reality of our world today is that bits and bytes can be as threatening as bullets and bombs," Dempsey said in a letter Wednesday to Democratic Senator Jay Rockefeller of West Virginia.

The owners and operators of critical industries reported nearly 200 cyber intrusions in 2011, a nearly 400 per cent increase from 2010, according toSenator Susan Collins, a Republican from Maine and one of the bill's primary co-sponsors,and Joe Lieberman, an independent senator from Connecticut who is one of the Cybersecurity Act's main authors.

U.S. companies lose about $250 billion US a year due to theft in cyberspace of intellectual property, Collins and Lieberman said.

Attackers are also becoming more aggressive, moving from the theft of data to the disruption of networks, said U.S. Army Gen. Keith Alexander, the top officer at the Pentagon's Cyber Command.

"Our concern is that they're going toward destruction, which would have significant impact," Alexander said.