House gears up for 'cyber week,' but security bill’s fate rests with Senate

The House is set to vote on a host of cybersecurity bills next week, but the fate of the legislation rests in the Senate.

The House is expected to approve the Cyber Intelligence Sharing and Protection Act (CISPA), which would tear down legal barriers that discourage companies from sharing data about cyber attacks. 

ADVERTISEMENT
The goal of the legislation is to help companies beef up their defenses against hackers who steal business secrets, rob customers’ financial information and wreak havoc on computer systems.

CISPA, sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), has more than 100 co-sponsors.

But the White House and Senate Democrats argue CISPA is inadequate.

They say any cybersecurity legislation should include tougher privacy protections and should require critical infrastructure systems to meet minimum security standards.

"Legislation without new authorities to address our nation’s critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs," White House National Security Council spokeswoman Caitlin Hayden said, without explicitly mentioning CISPA.

The White House has endorsed a cybersecurity bill from Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) that would empower the Homeland Security Department to set mandatory security standards for critical systems, such as electrical grids or chemical plants.

A Democratic aide said the Lieberman-Collins bill is a "priority" for Senate Majority Leader Harry Reid (D-Nev.) and "we expect to take up the legislation in the next few weeks."

But it is unclear whether there are enough votes in the Senate to pass the bill.

Sen. John McCain (R-Ariz.) is rallying opposition to the measure and has introduced his own alternative bill, the Secure IT Act. Like CISPA, Secure IT focuses only on voluntary information-sharing about cyber threats. 

The bill has attracted seven GOP co-sponsors.  

McCain argued Lieberman-Collins would impose regulations that “would stymie job creation, blur the definition of private property rights and divert resources from actual cybersecurity to compliance with government mandates.”

The powerful U.S. Chamber of Commerce is also lobbying against the Lieberman-Collins bill. Companies that could be classified as critical infrastructure, such as banks, telecom companies, wireless carriers and electrical companies, are skeptical of new government regulations.

But the bill has the support of figures in the national security community including Joint Chiefs of Staff Chairman Martin Dempsey and former Homeland Security Secretary Michael Chertoff.

Chertoff, who served under President George W. Bush, argued free market pressures will not be enough to protect critical systems.

"Left to their own devices, few private companies would invest more in securing their cyber assets than the actual value of those assets," he said earlier this year. "Yet in an interconnected and interdependent world, the failure of one part of the network can have devastating collateral and cascading effects across a wide range of physical, economic and social systems."

Heavyweights from the administration, including Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and National Security Agency Director Keith Alexander, were dispatched to Capitol Hill to emphasize the threats facing critical infrastructure.

But the House GOP leadership has indicated they will not bring any bill to the floor that includes new regulations. 

CISPA-sponsor Rogers said he has already had discussions with Senate Democrats about moving forward with the information-sharing provisions if their effort to pass the regulatory piece fails.

If the Senate manages to approve the critical infrastructure provisions, and the House passes CISPA, lawmakers would have to negotiate the differences in a conference committee.


More in Cybersecurity

Industry still pushing for lame-duck cyber bill

Read more »