Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.
During a summer in which the head of the National Security Agency revealed that cyberattacks on business and government have increased 1700 percent—and in which said NSA chief openly invited hackers to join forces with the U.S. government at a conference in Vegas—so did a highly anticipated piece of cybersecurity legislation meet a bitter end. Both of which should be turning the heads of corporate risk officers. On Thursday, a filibuster by Senate Republicans blocked the Cybersecurity Act of 2012 at a critical juncture, killing the possibility of a full vote before the Congress’s August recess—and quite possibly ending the bill’s chances at passage for the rest of the year. The bill called for new standards to secure computer networks across critical infrastructure industries—including energy and banking. Sponsored by an Independent and a Republican, the sponsors had already revamped the legislation in an effort to attract more Republican votes. And its defeat has prompted laments from the White House, lawmakers, and a host of security experts. So how did a bill with so many supporters end up . . . nowhere? Objections raised by the U.S. Chamber of Commerce played a major role, as a story by Ken Dilanian in the Los Angeles Times illustrates. The Chamber opposed mandatory security standards for critical infrastructure companies, which were in an earlier version of the bill. Even when those requirements were scaled back, however (leading to complaints that the bill had lost its teeth), opposition from the Chamber continued, according to the Times:
“The chamber believes [the bill] could actually impede U.S. cybersecurity by shifting businesses’ resources away from implementing robust and effective security measures and toward meeting government mandates,” Bruce Josten, the Chamber’s chief lobbyist, wrote in a letter to senators Tuesday.