Cybersecurity Bill Dies; Cyberwar Directive Signed

The Cybersecurity Act of 2012 died on November 14, 2012. It was shot down in a 51-47 vote blocking Senate consideration of Sen. Joe Lieberman’s cybersecurity legislation. Majority Leader Harry Reid made it clear that the chamber would no longer discuss the issue, commenting, “Everybody should understand – cybersecurity is dead for this Congress.”

What happened?

In brief, the Cybersecurity Act of 2012 would have provided the Department of Homeland Security greater control over security standards and involved it in industry efforts to protect critical infrastructure. Critics of this bill were concerned that the department would have had too much authority and that too much private information would then be shared between business and government. Supporters of the bill argued that the new legislation was imperative to protect the nation.

However, proponents of the legislation were unable to end the debate and force a vote twice this year. With the recent developments, it’s unlikely that anything more will happen on this front until the new Congress meets in January.

What’s wrong with the Cybersecurity Act?

The proposed Cybersecurity Act of 2012 was suspiciously similar to the Cyber Intelligence Sharing and Protection Act (CISPA), which was passed by the House of Representatives back in April, but then rejected by the Senate.

Major critics of the CISPA included business associations, such as the US Chamber of Commerce, which claimed that the measure would place undue burdens on small businesses, forcing them to change daily operations. Senate Republicans supported the Chamber of Commerce and objected to restrictions to the limitation of amendments attached to the legislation.

An Executive Order in the works?

Observers point out that the Obama Administration is likely to bypass Congress, by writing sections of the cybersecurity bill as an executive order. This may be preferable for proponents of cybersecurity legislation, as the most important aspects of the measure would then be enacted. This would effectively provide an immediate framework for how the country responds to cyberattacks on critical infrastructure.

The need for cybersecurity legislation has increased in recent months, especially in light of viruses such as Shamoon, Mahdi, Stuxnet and others that have wreaked havoc on critical infrastructure and performed cyber espionage across the world. The US government has become more and more aware of the need to reinforce its cybersecurity efforts.

According to Mike Lloyd, chief technical officer of RedSeal Networks, “Global IT infrastructure is a world of glass houses, and there’s an escalating trend of people throwing stones. Sometimes it’s necessary to move beyond your own glass house to catch someone who is threatening or actually attacking your infrastructure.”

Directive 20

Presidential Policy Directive 20 was signed in mid-November. Although it’s not an executive order, it does outline the roles of the government in offensive and defensive cyber operations. As a directive, it doesn’t create powers for federal agencies; rather it outlines a national security policy framework for other agencies within the federal government to use. Many see the directive as an early step by President Obama towards creating effective cybersecurity legislation.


This article takes a look at the Cybersecurity Act of 2012, which was rejected by the US Senate on November 14, 2012. Opponents were concerned that the bill gave the Department of Homeland Security too much authority over security standards, and too much of a hold over critical infrastructure. Advocates, including the Obama administration, argued that a cybersecurity bill is important to safeguard the nation.

CIPP Exam Preparation

In preparation for the Certified Information Privacy Professional/United States(CIPP/US) exam,  a privacy professional should be comfortable with topics related to this post, including:

  • US legislation (I.A.b.ii.)
  • National security and privacy (III.B.)

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>