A major cybersecurity bill will likely omit a clause that would require the government to assess the cyber defenses of the nation’s most critical infrastructure.
Lawmakers are on the cusp of merging three cyber bills that all aim to encourage businesses to share more data on hackers with the government. The completed text could pass with an omnibus spending bill in the coming days.
Sen. Susan Collins (R-Maine) has been lobbying for the inclusion of a clause that would direct the Department of Homeland Security (DHS) to evaluate the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.
It passed as part of the Senate’s version of the info-sharing bill.
But as has been suspected for a few days, the clause is unlikely to make it into the final text.
“I’ve heard that, but I have not been officially notified by the chairman that that is the case,” Collins told reporters on Tuesday. “I will be very disappointed if that proves to be the case. And I would not sign the conference report if it is not included.”
Several people with knowledge of the discussions said that Collins’ language is likely to get the axe because of pressure from the private sector.
Coalitions of industry groups — including those representing the financial, telecommunications and gas sectors — have led the opposition against the provision. They believe it would infringe on the voluntary nature of the cyber bills and create “de facto regulatory mandates.”
A bipartisan group of eight senators attempted to rebuke these claims in a November letter, saying the clause “has been mischaracterized.”
The passage “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements,” the lawmakers insisted.
“Ironically, many of the trade associations who oppose this provision do not represent a single entity that would be covered,” they added.