A recent proposal for a cyber security law was shot down in Congress, but observers say new IT security regulations could be on the way for many businesses in the form of an Obama executive order. 

A procedure to move forward on the Cybersecurity Act, introduced by Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) and backed by the White House, was rejected in the Senate on Wednesday by a 51-47 vote.

Introduced in February, the Cybersecurity Act was a proposed information security law that would have imposed new cybersecurity requirements for companies that support the country’s “critical infrastructure.”

That may have included private businesses in the banking and finance industry, companies providing water and electric utilities, and businesses in the transportation sector.

If it had passed, the law would have allowed the Department of Homeland Security (DHS) to identify computer networks that could cause casualties or severe economic damage if attacked. The agency would set security regulations for companies operating those networks and penalize companies that can’t show they’re secure.

The bill met with opposition from Republicans on the grounds that it would add too many costly regulations for private companies. Some Republicans had argued the measure could pass if amendments were added, but the vote was held before an open amendment process, The Hill reports.

Cyber security regulation may still arrive

Effectively, the vote means that efforts to pass a national cyber security law will be put on hold for at least the rest of this year. But that doesn’t mean the issue will go away, as the Obama administration is expected to be working on an executive order that could include many of the provisions in the Cybersecurity Act proposal.

A draft of the order that leaked in September included a similar proposal to have the DHS create new rules for private companies supplying the nation’s critical infrastructure. It lists 16 sectors falling under that category, including everything from “Communications” and “Information Technology” to “Commercial Facilities” and “Critical Manufacturing.”

The order will almost certainly look different if and when it’s signed, though. We’ll keep you posted.

Tags: Cybersecurity Act, law, President Obama, regulations