There are "a couple of clear fault lines here in terms of maybe getting a compromise" on cyber security legislation during this Congress, Greg Orlando, Counsel for Senate Commerce Committee member Roger Wicker (R-MS) said. Chief among these: "you've got the critical infrastructure piece and expanded role for DHS."
Senate legislation championed by Senator Joe Lieberman (I-CT) would implement minimum cyber security requirements on critical infrastructure industries such as utilities and banking, with those requirements administered by the Department of Homeland Security. Although objections by privacy advocates are largely acknowledged as threats to the passage of cyber security legislation, mandatory requirements on critical infrastructure could be the real fly in the ointment.
"Senator Rockefeller believes that if cyber legislation doesn't address critical infrastructure, we will have all failed," John Branscome, Communications Counsel, Senate Committee on Commerce, Science and Transportation said.
Although the Democratic-controlled Senate, along with the Administration, believe cyber security legislation should include critical infrastructure requirements overseen by DHS, House leaders aren't buying into that. "Having a single agency manage 13 industrial sectors,creates an opportunity for a single point of failure," Ray Baum, Senior Policy Advisor to Greg Walden (R-OR), Chairman of the House Subcommittee on Communications and Technology said. "It's very difficult to say that if you set outstanding standards, they wouldn't be out of date before the ink is dry. We need to leave that to the expert agencies."
Later in an interview, Baum said "if they tweak the privacy stuff and take out the critical infrastructure, you could pass a cyber security bill this Congress." Other than that unlikely scenario, cyber security legislation looks dead until the new Congress comes to town next January. "It's a hard year to be legislating," Danny Sepulveda, Senior Advisor to Sen. John Kerry (D-MA) said.