Lawmakers on the Senate Intelligence Committee are getting “very close” to a new cybersecurity bill, according to the panel’s top Republican.
“As you know we have been working on a cyber bill for years now,” Sen. Saxby Chambliss (R-Ga.) told President Obama’s nominee to lead the U.S. Cyber Command and National Security Agency, Vice Adm. Michael Rogers, in a hearing on Tuesday.
“We’re getting very close to an agreement within the Intelligence Committee between the chairman and myself, on a cyber bill that is much needed. One of the key provisions, and kind of the last remaining obstacle we’ve got, is the immunity provision or the liability protection provision.”
{mosads}Lawmakers have for years pushed for a comprehensive bill to protect American financial markets, transportation systems and the electric grid in the event of a massive cyber attack.
“I believe one of our greatest vulnerabilities is cyber attack,” said Sen. Angus King (I-Maine). “I think the next Pearl Harbor is going to be cyber. And the problem is we’re more vulnerable than many other places.”
The Senate tried in 2012 to establish legislation with a set of security standards, but failed to overcome a Republican filibuster.
One persistent problem for advocates of a bill has been ways to craft incentives for businesses to support a set of cyber standards without overly burdening them. Lawmakers have tried to offer some legal protection from lawsuits to companies that join the effort.
“My sense is it’s a critical element of any legislation,” Rogers told lawmakers on the Senate Armed Services panel. “I believe to be successful you ultimately have to provide the corporate partners that we would be working with some level of corporate liability protection.”
Last month, the White House released a voluntary set of standards for critical infrastructure firms like energy, communications or healthcare networks. The framework was developed as part of an order from President Obama in response to the failed Senate vote in 2012.
Rogers called that effort “a step in the right direction” on Tuesday, but said that legislation with standards and a way to share information between companies and government agencies, “in the long run, is probably the right answer.”