"It's hard to get a measure like cybersecurity legislation passed on its own," said Carper, who chairs a Senate subcommittee with cybersecurity oversight.
Carper said that backers would seek to add cybersecurity provisions to a bill that's likely to pass, such as the National Defense Authorization Act, which likely would be passed before the fall midterm elections. Besides, he said, cybersecurity is a component of national security. "That is a place that makes a lot of sense."
Another reason Carper said he believes the Senate may consider the cybersecurity legislation as part of the defense authorization bill is that the chairman and ranking minority member of the Armed Services Committee - Sens. Carl Levin, D-Mich., and John McCain, R-Ariz. - also serve on the Homeland Security and Governmental Affairs Committee, where a major piece of the cybersecurity legislation emanates. McCain also serves as the ranking Republican on the Homeland Security and Governmental Affairs Subcommittee on Federal Financial Management, Government Information, Federal Services and International Security, which Carper chairs.
Various versions of cybersecurity bills are before a number of committees, and Senate Majority Leader Harry Reid has asked the chairs of those panels to combine them into a single, omnibus bill. Carper said negotiators - led by the chairs of the Homeland Security and Governmental Affairs and Commerce, Science and Transportation committees, Sens. Joseph Lieberman, ID-Conn., and Jay Rockefeller, D-W.Va. - are making great progress. "We're very close to where we need to be in developing a joint proposal," said Carper, the sponsor of a bill to reform the Federal Information Security Management Act, the law that governs federal IT security.
On May 28, the House of Representatives passed its version of the National Defense Authorization Act that incorporated cybersecurity provisions. If the Senate approves a defense bill with cybersecurity provisions, a conference committee would work out the differences between the two measures, and each house would vote on the legislation again.
Time is running short. Congress is on its summer recess, and is not scheduled to return to Washington till mid-September. Then, it will be in session for only four weeks before recessing again to allow lawmakers up for reelection to return home to campaign. Congress won't return again until after the Nov. 2 vote.
If the Senate fails to pass cybersecurity legislation before then - whether as part of the defense measure or as a standalone bill - prospects of passage during a lame-duck session of Congress would significantly dim should the Republicans pick up a significant number of seats, Carper said. "If the Republicans are successful in picking up some seats, they may be less anxious to go in and pass much in a lame duck session," he said, adding they'll likely delay action until after January, especially if they win a significant number of seats and "they're stronger in numbers." But he quickly said that he didn't think the GOP would make significant gains in the Senate come November.
Cybersecurity has been a bipartisan issue, and that could help it gain approval in a highly partisan Senate where 60 votes are needed to enact legislation. "It's more of a national security issues that we ought to do sooner rather than later," Carper said, "and I hope we will."