For the second time in three months, the Senate failed on Nov. 14 to muster the 60 votes needed to halt a filibuster of the Cybersecurity Act of 2012. The vote was 51-47.
"Cybersecurity is dead for this congress," Senate Majority Leader Harry Reid, D-Nev., declared after the vote.
Sponsors of the bill expressed their exasperation with some colleagues after the vote. "In all my years on the Homeland Security Committee, I cannot think of another issue where the vulnerability is greater and we've done less," said Republican Susan Collins of Maine, the ranking member of the Senate Homeland Security and Governmental Affairs Committee.
Another sponsor, Sen. Thomas Carper, D.-Del., who's is in line to become chairman of the panel in the new Congress, said he'll continue to work to get such legislation enacted next year.
"While this bill isn't perfect, it is a significant improvement over our current cybersecurity laws, which numerous experts have said do not go far enough to protect us," Carper said. "Our nation cannot afford more delay on this issue. I remain hopeful that we can convince the rest of our colleagues and key stakeholders that the status quo is unacceptable, and I am committed to work together to come to a solution as soon as possible."
The vast majority of the opponents to the bill are Republicans, who say they fear that provisions in the measure to have the government develop voluntary IT security standards for businesses could eventually lead to involuntary regulation. A few Democratic senators who oppose the bill contend it doesn't go far enough to protect individual privacy and civil liberties.
The failure to enact comprehensive cybersecurity legislation makes it more likely that President Obama, who supported the measure, will issue an executive order to incorporate elements of the Cybersecurity Act. Those elements include the government developing IT security best practices that the mostly private owners of the nation's critical infrastructure could voluntarily adopt.
"An executive order leaves much to be desired, but it is far preferable to inaction, and it is what we will be left with if Congress doesn't pass this reasonable, bipartisan cybersecurity bill," Committee Chairman Joseph Lieberman, ID-Conn., said moments before the Senate took the vote to end the filibuster.
But James Lewis, a senior fellow at the Center for Strategic and International Studies, said divisions exist within the White House on defining in the executive order exactly how the government would identify those practices and the role the Department of Homeland Security should play in implementing IT security practices. Once those differences are ironed out, Lewis said the president will likely issue the executive order.