WASHINGTON -- Senate Republicans on Wednesday killed cybersecurity legislation backed by President Barack Obama, increasing prospect that the White House will implement some of the bill's provisions through an executive order.
Supporters failed, 51-47, to get the 60 votes needed under Senate rules to bring up the bill for passage. Republicans blocked the same measure in August, saying it would lead to more government regulation of business.
"It to some degree hardens the lines of division, which makes it more likely we'll see an executive order, rather than an attempt to revive the legislation in the near term," Stewart Baker, a former Department of Homeland Security assistant secretary for policy, said in an interview. "The only other thing that can produce legislation is a major cybersecurity meltdown," said Mr. Baker, a partner at Washington's Steptoe & Johnson law firm.
Coincidentally, a National Academy of Sciences report released Wednesday said terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components crucial to making it work.
The national academy report said that by blowing up substations or transmission lines with explosives, or by firing projectiles at them from a distance, terrorists could cause cascading failures and damage parts that would take months to repair or replace. In the meantime, it warned, people could die from the cold or excessive heat, and the economy could suffer hundreds of billions of dollars in damage.
Administration officials have continued to warn about cyber threats capable of widespread damage. Defense Secretary Leon Panetta said in a New York speech last month that computer assaults by other nations or extremist groups could be as destructive as the Sept. 11, 2001, attacks.
White House officials have said Mr. Obama was considering an order creating a program to protect vital computer networks from cyber attacks if Congress failed to pass an acceptable law.
Senate Majority Leader Harry Reid, D-Nevada, said the Senate vote killed any chance for congressional action this year. "Cybersecurity is dead for this Congress," he said after the vote.
Four Republican senators broke ranks with their party to vote in favor of advancing the Senate bill, and five Democrats joined Republicans in opposition.
The legislation, introduced in February by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, would have created voluntary cybersecurity standards for companies that operate infrastructure such as power grids and chemical plants considered essential to U.S. national security. The bill also would have encouraged companies and the government to share information on cyber threats.
Republicans and the U.S. Chamber of Commerce, the nation's largest business lobby, opposed the voluntary standards, saying they would be a back door to government regulation and fail to keep pace with evolving threats in cyberspace. The chamber released a letter Wednesday reiterating its opposition.
"Whatever we do on this bill, it's not enough for the Chamber of Commerce," Mr. Reid said.
Mr. Obama has signed a separate directive setting policy for how the government handles threats in cyberspace, according to three current and former administration officials. The directive opens the door to a bigger role for the Defense Department, directing it to provide civilian agencies with technical help on cybersecurity, according to a former senior intelligence official familiar with the document.
The debate over cybersecurity legislation has turned from substantive analysis to a "political blame game" about who can best protect the nation, Sen. Charles Grassley, R-Iowa, said on the floor before Wednesday's vote. "Rushing something through that will impact the country in such a massive way is not a way we should do business," he said.
Senate Republicans -- including Mr. Grassley, Arizona's John McCain and Texas' Kay Bailey Hutchison -- had urged more limited legislation to encourage government and companies to share information about cyber threats, along the lines of a bill they introduced in March. The GOP-controlled House in April passed a similar information-sharing measure, sponsored by House Intelligence Committee chairman Mike Rogers, R-Mich., and the panel's top Democrat, Maryland's C.A. "Dutch" Ruppersberger.
The Obama administration said it would veto the House measure because it doesn't safeguard the privacy of consumer data that may be shared or protect the nation's infrastructure from cyber attacks.
While the NAS report is the most authoritative yet on the subject, the grid's vulnerability has long been obvious to independent engineers and to the electric industry itself, which has intermittently tried, in collaboration with the Homeland Security Department, to rehearse responses.
Of particular concern are giant custom-built transformers that boost the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months.
Changes in the electric industry have made the grid more vulnerable in recent years, experts say. The grid was mostly built to serve the needs of individual utilities, but regulators have cut loose the generation companies from the companies that transport and distribute power to foster a competitive market.
That has resulted in far more electricity being shipped much greater distances and in difficulty winning consensus to build new lines. Meanwhile, the Sept. 11 attacks and weather catastrophes such as Hurricane Sandy have underlined the need for ever more vigilant monitoring and technological upgrades.
"I don't think we pay quite enough attention to the technology fixes that would allow us to make the power system more resilient," said Clark Gellings, a researcher at the Electric Power Research Institute who is one of the report's authors.
The New York Times contributed.