Homeland Security gets behind cyber sharing bill

Homeland Security gets behind cyber sharing bill
© Greg Nash

Department of Homeland Security (DHS) Secretary Jeh Johnson has thrown his support behind controversial cybersecurity legislation under consideration in the Senate.

The Cybersecurity Information Sharing Act (CISA) would shield companies from legal liability when sharing cyber threat data with the government.

It faces opposition from a variety of privacy advocates and tech groups who say the bill would unnecessarily funnel personal information to the federal government and weaken security overall.

“Now is the opportunity for the Congress, in bipartisan fashion, to better protect the cybersecurity for the American people and their government; it is an opportunity we cannot afford to lose,” Johnson said in a statement late Thursday. “As currently written, I support this bill.”

Johnson’s announcement came less than an hour after the White House tendered its formal support for the legislation.

The Obama administration has been informally on board with CISA since August, when White House spokesman Eric Schultz called on the upper chamber to swiftly move the bill.

Johnson’s agency stands to have significant responsibility for any threat indicators shared with the federal government should the bill pass.

For many privacy and security opponents of the bill, the sticking point was what information would be shared and how.

A series of tweaks and alterations, many of which have been combined into a manager’s amendment package expected to pass next week, attempt to mitigate those concerns.

Under provisions in the package, shared data would be funneled through the DHS to be “scrubbed” of personally identifiable information.

The agency is seen as the best able to handle sensitive personal data. 

The White House on Thursday applauded the bill’s architects for naming DHS as the hub, warning that it would not support any exceptions.

An amendment from Sen. Tom CottonThomas (Tom) Bryant CottonRussian spy poisoning brings world powers closer to day of reckoning GOP senators see Tillerson ouster as the new normal Cotton: Russia will 'lie and deny' about British spy poisoning MORE (R-Ark.) — not included in the manager’s amendment package — would also give companies liability protections when sharing data directly with the FBI and Secret Service.

“The administration will strongly oppose any amendments that would provide additional liability-protected sharing channels, including expanding any exceptions to the DHS portal,” the White House said.

The Senate will vote Tuesday on Cotton’s offering.

Johnson called the current version of the legislation “a good bill,” praising co-sponsors Sens. Dianne FeinsteinDianne Emiel FeinsteinCoalition presses Transportation Dept. for stricter oversight of driverless cars Saudi energy deal push sparks nuclear weapon concerns Liberals seek ouster of HHS official blocking abortions MORE (D-Calif.) and Richard BurrRichard Mauze BurrOvernight Cybersecurity: Trump-linked data firm Cambridge Analytica attracts scrutiny | House passes cyber response team bill | What to know about Russian cyberattacks on energy grid Week ahead: Senate Intel panel tackles election security Overnight Cybersecurity: Trump unveils new sanctions on Russia | Feds say Russian hackers targeted US energy grid | NSA nominee sails through second confirmation hearing MORE (R-N.C.) for “taking on the complex subject of cybersecurity legislation [and] accounting for the numerous and varied interests.”

Johnson’s support for the cyber sharing bill was already well known. In September, he called on the Senate to pass CISA during remarks at The Commonwealth Club of California.

“There is an urgent and compelling need for cybersecurity legislation — to strengthen our ability to protect the American public, American businesses large and small, and the federal civilian .gov system,” Johnson said on Thursday.

Critics — including Sen. Ron WydenRonald (Ron) Lee WydenFacebook faces new crisis over Cambridge Analytica data Cambridge Analytica CEO filmed talking about using bribes, sex workers in political work Cambridge Analytica 'strongly denies' mishandling Facebook users' information MORE (D-Ore.) — say the bill wouldn’t have done anything to prevent the devastating hack of the Office of Personnel Management, which is often touted as a reason to pass the bill.

CISA is set for a final vote on Tuesday.