Senate Defeat Of Flawed Cybersecurity Bill Allows Time For Improvement

Today the Senate failed to reach cloture on the Cybersecurity Act of 2012 by a margin of 52-46 of the necessary 60 votes, effectively killing the current iteration. The bill would have directed the Department of Homeland Security to conduct sector-by-sector cybersecurity risk assessments of critical infrastructure, identify risk-based cybersecurity performance requirements, implement cyber response and restoration plans, develop voluntary requirements for notifications and data-sharing in the event of significant cyber incidents affecting critical infrastructure.

President Obama previously called on Congress to pass the legislation, naming the cyber threat “one of the most serious economic and national security challenges we face”, despite having threatened to veto CISPA earlier this year due to privacy concerns similar to those raised by some opponents of the Cybersecurity Act of 2012.

Thethreat of cyber attack is very real. Public and private infrastructure around the world are vulnerable to attacks and the rate of incidents involving U.S. critical infrastructure have jumped from 9 in 2009 to 198 in 2011. But there are good reasons why this bill failed:

  • The figures used to justify the bill don’t stand up to academic scrutiny. Backers of the legislation and bills like it relied on statistics quantifying the financial stakes of cybersecurity from private cybersecurity companies Symantec Corp. and McAfee Inc. to justify immediate action, but ProPublica reports their numbers don’t add up.
  • It lacked privacy safeguards: While not as hated by privacy advocates as previous cybersecurity proposals, if left un-amended the Cybersecurity Act would have given internet service providers the “explicit right to monitor private user communications.”
  • The death of the Cybersecurity Act of 2012 isn’t the death of cybersecurity. Amendments made to this bill only put privacy advocates in a better position for the next round of debate. As Michelle Richardson, legislative counsel with ACLU, notes:

“When Congress inevitably picks up this issue again, the privacy amendments in this bill should remain the vanguard for any future bills. We’ll continue to work with Congress to make sure that the government’s cybersecurity efforts include privacy protections. Cybersecurity and our online privacy should not be a zero sum game.”

Richardson is right, and this much needed debate will be continued in the future. More details on todays vote via the New York Times.