In the final weeks before Congress left for its August break, U.S. Sens. Susan Collins, R-Maine, and Joseph I. Lieberman, I-Conn., took a gamble. They watered down their own cybersecurity legislation in hopes of winning passage.

Last week on the Senate floor, however, their compromise died. The sponsors could muster only 52 votes, short of the 60 needed.

Collins and Lieberman went a long way. Their original legislation would have set mandatory cybersecurity standards for companies that run critical infrastructure, such as electricity, water, nuclear, communications and financial networks. Ripping the heart out of their bill, they made the standards voluntary but still found no takers.

The influential U.S. Chamber of Commerce opposed it, saying the legislation took an “adversarial” approach to the private sector. The group has endorsed other bills with less rigorous requirements.

This was a moment when the business lobby put its head in the sand. The threat posed to the private sector in cyberspace cannot be wished away — it is large and growing.

Most companies realize this from their own experience. They are being battered by cyber-exploitations and theft, losing customer records and intellectual property. Instead of torpedoing legislation, they ought to be leading the way, pressing Congress to act.

The United States needs to shore up its cyberdefenses, which are relatively weak. The government has unique capabilities to help firms improve cybersecurity but needs the legislation to act in concert with the private sector.

Gen. Keith B. Alexander, the commander of the U.S. Cyber Command and the National Security Agency, has warned that cyberattacks on critical infrastructure are moving from the inconvenient to the destructive.

One day, this could mean a click that throws a city into a blackout or causes a financial market to crash. Alexander and other military and national security officials have urged Congress to pass some kind of legislation soon.

The Collins-Lieberman compromise reflected a proper sense of urgency. The House approved its own, somewhat similar, legislation in April, although privacy concerns have led the White House to threaten a veto.

The net result is that Congress left town with the nation’s critical infrastructure exposed and cyberdefenses still down. When it returns in September, a concerted effort should be made to pass legislation so the government and private sector can begin to face the onslaught together.

Editorial by The Washington Post

Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.