
U.S. Senate Thumbs Down Cybersecurity Act – What’s Next?

The U.S. Senate has failed once again to move forward on the Cybersecurity Act, raising the question of what is next in the struggle to legislate solutions to threats in cyberspace.  


Late Wednesday, the controversial legislation fell nine votes short of the 60 votes needed to send the bill to a final vote. The vote pushes the bill’s fate further into limbo, marking the second time it has failed to garner enough votes to move forward in the past three months.

“With yesterday’s Senate vote, our government has largely failed in protecting the American public in cyberspace,” said Stuart McClure, CEO and President of Cylance. “The most basic and fundamental of all the bills that went to the Hill for consideration were around information sharing and they couldn’t even get that bill passed. Information sharing is literally step zero before anything else can be done to adequately respond to threats. When someone in the government knows something, they are most often not able to share the information. So if someone from the NSA learns during a classified exercise that a company has been compromised, they are often not able to share that information because it is classified data.”

“This and many other examples exist that highlight why such legislation is necessary,” he added.

The failure of the bill – which critics say wrongly gives power to the Department of Homeland Security, raises privacy concerns and could create burdensome regulations for industry – comes as news has leaked out that the president signed a secret directive last month to enable the military to act more aggressively against cyberattacks targeting the government’s computer networks. According to sources cited by the Washington Post, Presidential Policy Directive 20 establishes “a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace.”

Still in play is whether or not the president will issue an executive order to address some of the provisions of the legislation. In an interview last month on news talk show “Platt’s Energy Week,” Sen. Joseph Lieberman (I-Conn.) said that the order would establish voluntary security standards for critical infrastructure companies.

“[The President] could certainly set up the process … for private-public sector development of these best practice standards and then he can try to create some rewards — not as strong as he can do by legislation — for companies that voluntarily opt into them,” Lieberman explained.

Chris Petersen, CTO of LogRhythm, called the idea that the president needs to consider an executive order “unfortunate.”

“There are real and valid concerns when it comes to cybersecurity legislation, a main concern being additional compliance burdens on U.S. companies,” he said. “While concerns are understandable, the reality is that without a measuring stick, companies won’t know if they have gone far enough in protecting themselves. Without enforcement, some companies will just kick the can down the road and hope for the best.”
