Forum

Departing Lieberman Denied Final Legislative Victory With Defeat Of Cybersecurity Act

By: Mickey McCarter

Joe Lieberman retires from the US Senate at the end of this term after more than 20 years in the chamber. He spent the last half of that career largely focused on homeland security matters. 

So it's no surprise that Sen. Lieberman (I-Conn.) was disappointed with the failure Thursday of cybersecurity legislation that he prominently championed as the best way forward to protect critical infrastructure connected to cyberspace. Had the bill passed the Senate, it would have capped the remarkable career of the veteran lawmaker with a big victory.

However, Lieberman and his fellow sponsors of the Cybersecurity Act (S. 3414) were unable to convince enough Republicans to join them in supporting the bill, which ultimately did not receive enough votes to move forward, falling 52-46. (The bill required 60 votes in the Senate to win "cloture," ensuring the measure could not be blocked by fillibuster.)

"Am I disappointed? You bet I am. Am I angry? Yes I am. Because once again the members of Congress have failed to come together to deal with a serious national problem. All the more surprising in this case because of what's at stake here is the security and prosperity of the American people," Lieberman said.

"It's not just another political argument in a campaign. This is about what everyone acknowledges is rising to be a serious threat to America's security in the years ahead and that is the fact that we're not adequately defended against cyberattacks," he added. "It's hard to see that today is anything but a failure of the Senate and a setback for our national security."

[Editor's note: Click here to read Homeland Security Today's breaking coverage of the Senate vote Thursday.]

Lieberman and Sen. Susan Collins (R-Maine) underscored the impressive lineup up of defense and intelligence officials who called for the establishment of cybersecurity standards, whether voluntary or mandatory, and enhanced information sharing as a means to strengthen national cybersecurity posture and thus prevent the loss of billions of dollars annually or even perhaps the loss of life should key systems suffer a devastating cyberattack.

Supporters of the conceptual framework offered by the Cybersecurity Act included Joint Chiefs of Staff Chairman Martin Dempsey; Gen. Keith Alexander, the director of the National Security Agency; former CIA and NSA Director Michael Hayden; former Director of National Intelligence Mike McConnell; former Homeland Security Secretary Michael Chertoff; and at least half a dozen major information technology companies like Microsoft, Symantec and CA Technologies.

But some Republicans expressed doubts about the federal government saddling businesses with cybersecurity standards, even the voluntary ones in the revised Cybersecurity Act. Led by Sen. John McCain (R-Ariz.), they contended government was not smart enough to administer standards for a technology advanced and swiftly evolving area of the private sector. Such oversight could prove harmful rather than helpful, McCain argued.

McCain crystallized his opposition in a statement on the Senate floor Thursday, protesting that debate of the Cybersecurity Act should carry no restrictions.

"And while all of us recognize the importance of cybersecurity, we should not confuse opposition to this deeply flawed bill as a sign of somehow being unwilling to address the issue.  It has been my experience that when dealing with matters of national security and domestic policy, and in this bill is at the nexus of both, it is more important to work to get something done right, than just work to get something done. And while both efforts may result in enough material to create a headline, only one fulfills our purpose for being here in this body," McCain declared.

He continued, "As I have said time and time again, the threat we face in the cyberdomain is among the most significant and challenging threats of 21st century warfare. But this bill unfortunately takes us in the wrong direction and establishes a new national security precedent which fails to recognize the gravity of the threats we face in cyberspace. I agree that we must take appropriate steps to ensure that civil liberties are protected and believe we could have appropriately done so without removing the only institutions capable of protecting the United States from a cyberattack from counties like China, Russia and Iran -- from the frontlines. Making these entities more reliant on their less capable civilian counterparts is an unacceptable, precedent setting approach, which fails to recognize the unique real-time requirements for understanding the threat environment, anticipating attacks and responding when necessary."

McCain again touted his own legislation, the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act (S. 3342), as the best approach for enhancing information sharing and for avoiding the sort of stovepipes that fostered the failures that set the stage for the 9/11 attacks. A failure to share appropriate information among key federal agencies holding that information and thereby "connect the dots" before the 9/11 plot was cited by the 9/11 Commission as a key failure of the federal government. 

McCain accused the Cybersecurity Act of proposing a similar set of information stovepipes.

"Additionally, what is not being discussed enough are the likely implications of the new cybersecurity stovepipes being proposed in this bill. The recreation of the very walls and information sharing barriers that the 9/11 Commission attributed as being responsible for one of our greatest intelligence failures is very unwise," McCain said.

"In addition to the problems with the information sharing provisions, the critical infrastructure language grants too much authority to the government, failing to consider the innovative potential of the private sector. I continue to believe that this title would force those who own or operate critical assets to place more emphasis on compliance attorneys, rather than utilize the world-class engineering capabilities employed by our private sector. This is why the primary objective of our bill is to enter into a cooperative information sharing relationship with the private sector, rather than an adversarial relationship rooted in mandates used to dictate technological solutions to industry," he added.

McCain's reservations were powerful enough to sink Lieberman's ambitions to pass the Cybersecurity Act, which certainly would have faced long odds in the House. With very few legislative days remaining this year, Lieberman's quest for a capstone legislative victory essentially has come to an end.

Follow me on Twitter at www.twitter.com/mickeymccarter