Senate delays IT security law – possibly for good

Last week, the Senate failed to pass a proposed IT security law that would protect tech systems supporting the nation’s critical infrastructure — and could unfairly increase costs for private businesses, according to some critics. 

The proposed bill, the Cybersecurity Act of 2012, was introduced by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) and has been endorsed by President Obama.

The Senate voted 52-46 to end debate and force a vote on the bill, failing to reach the 60 votes needed for the measure to pass. That means no action will be taken on the bill until at least September, when Congress returns from a recess.

However, the proposed IT security law will still face significant opposition, observers say, and it is normally unlikely for any controversial legislation to pass between September and a national election in November.

A revised version of the Cybersecurity Act was introduced in July. Originally, the bill would have allowed the Department of Homeland Security (DHS) to identify computer networks that could cause casualties or severe economic damage if attacked — including those belonging to businesses in the banking and finance industry, companies providing water and electric utilities, and transportation organizations. The agency would have set security regulations for companies operating those networks and been able to penalize companies that can’t show they’re secure.

Instead, the new proposal would offer incentives to organizations that participated in a voluntary cybersecurity program. However, some critics, including the U.S. Chamber of Commerce, have argued that the voluntary program will likely become mandatory.

Other proposals for IT security laws have also been introduced in Congress recently, including one alternative to the Cybersecurity Act, the Secure IT Act. That bill would encourage the sharing of information about threats between the government and private companies. That bill has the backing of the Chamber of Commerce and other business groups, but the White House has threatened a veto on the grounds that it doesn’t do enough to protect privacy rights.

We’ll keep you posted on these and other proposed IT security laws.