Senator Sheldon Whitehouse, liberal warrior, is looking like the paragon of statesmanlike compromise of late.
His DISCLOSE Act, which aims to shed light on those bankrolling the sort of independent political groups playing an outsize role in the presidential race, didn't win any GOP votes in the Senate this week. But former Republican senators Warren Rudman and Chuck Hagel offered praise for "a bold display of compromise."
Now, another bi-partisan push. And this one may have some legs.
When Senator Joe Lieberman's cybersecurity bill stumbled in the face of opposition from Senator John McCain and other Republicans, Whitehouse and Arizona Republican Jon Kyl were at the center of a push for a compromise.
Their initial framework died in the face of corporate opposition. But now, Lieberman is out with a new bill. And elements of the Whitehouse-Kyl effort have been included in the measure. From The Hill:
Senate Homeland Security Committee leaders Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) introduced a revised version of their cybersecurity bill on Thursday.
The latest version of the bill includes elements of a voluntary program outlined in a compromise framework drafted by a bipartisan group of senators led by Sens. Sheldon Whitehouse (D-RI) and Jon Kyl (R-Ariz.).
“While the bill we introduced in February is stronger, this compromise will significantly strengthen the cybersecurity of the nation’s most critical infrastructure and with it our national and economic security,” said Lieberman. “We responded after the 9/11 attacks to improve our security. Now we must respond to this latest challenge before a cyber 9/11 occurs.”
Senate Majority Leader Harry Reid (D-Nev.) on Thursday put the new version of the bill on the Senate calendar.
The revised bill proposes to establish a multi-agency council, called the National Cybersecurity Council, that would assess the risks and vulnerabilities found in computer systems of critical infrastructure. The council would be chaired by the Homeland Security Secretary and include members from the Pentagon, Department of Commerce, Justice Department, intelligence community and federal regulatory agencies that oversee critical infrastructure for specific sectors.
The critical infrastructure section of the bill no longer requires companies that operate critical infrastructure to meet a set of security standards and incorporates some of the ideas proposed in the Whitehouse-Kyl framework. Instead, critical infrastructure operators could elect to participate in a voluntary cybersecurity program where they can show through self-certification or a third party assessment that they meet a set of cybersecurity practices in exchange for incentives. Those voluntary cybersecurity practices would be developed by private industry groups but reviewed and approved by the council.
However, infrastructure that is deemed critical--or would result in mass casualties, devastating economic or systemic damage if disabled--would be required to report if a significant cyber incident hit their computer systems. That type of incident would include the "exfiltration of data" or "the defeat of an operational control or technical control" that is key to operating and securing the infrastructure.
There is substantial doubt among cybersecurity experts about whether a voluntary program is sufficient to protect the nation's critical infrastructure. But most agree that an incremental step, here, is politically doable and will mark some progress.
As I argued yesterday, incrementalism may not be as effective when it comes to the DISCLOSE Act and campaign finance reform.