Senate ready to move on cybersecurity legislation, but differences remain

Senators are set to tackle legislation to protect the nation’s computer system when the upper chamber returns from its July 4th recess, but the efforts are being hampered by disagreements over the government’s role in overseeing cybersecurity standards.

Senate Majority Leader Harry (D-Nev.) has repeatedly said he believes cybersecurity legislation is critical, and he is expected to push for a vote in July.

ADVERTISEMENT
"There hasn't been a time that I've talked with [Reid] in the last year where he hasn't talked about the need to get cybersecurity to the floor," Sen. Jay Rockefeller (D-W.Va.) told reporters after a Senate hearing last week. "No other subject reigns so supreme."

Lawmakers of both parties worry that hackers are stealing America's business secrets and that an attack on a vital computer system could cause thousands of deaths.

But sharp differences remain. Senate Democrats are still trying to round up the necessary 60 votes to bring their preferred bill to the floor. 

The House passed its own bill, the Cyber Intelligence Sharing and Protect Act (CISPA), in April. 

President Obama has threatened to veto CISPA, saying it would undermine privacy and would fail to protect the nation's critical infrastructure.

The White House and Senate Democratic leaders have instead endorsed the Cybersecurity Act, sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine).

Both CISPA and Lieberman-Collins would encourage companies to share information about cyberthreats with each other and with the government. But Lieberman-Collins is seen as having stronger safeguards to protect people's private information.

For example, Lieberman-Collins would require that companies make a reasonable effort to strip out personally-identifiable information from the data they share with the government.

The bill would also give the Department of Homeland Security a lead role in handling the information-sharing, which privacy advocates prefer to military spy agencies, such at the National Security Agency. 

But privacy groups, including the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology, as well as privacy-minded senators such as Sens. Ron Wyden (D-Ore.) and Al Franken (D-Minn.), are pushing for stronger privacy protections in Lieberman-Collins.

In a crucial difference from CISPA, Lieberman-Collins would require critical infrastructure, such as electrical grids and gas pipelines, to meet minimum cybersecurity standards. Supporters of the legislation say the standards are necessary to protect vital systems from attacks, but many Republicans argue that government mandates will burden businesses and do little to improve cybersecurity.

Senate Republicans, led by John McCain (Ariz.), Kay Bailey Hutchison (Texas) and Saxby Chambliss (Ga.), are pushing their own cybersecurity bill, the Secure IT Act.

The GOP bill is similar to CISPA in that it authorizes only voluntary information-sharing and would not set any cybersecurity mandates.

The senators introduced a revised version of Secure IT last week that, among other changes, enhances some of the bill's privacy protections.

"There are consensus items here that everyone agrees on," a Republican Senate aide told The Hill. "In a contentious election year, if we want to pass a law, we should focus on those consensus items."

But the White House and Senate Democrats argue that any cybersecurity legislation that lacks protections for critical infrastructure is inadequate.

When asked to respond to the new version of Secure IT, White House spokeswoman Caitlin Hayden said: "Cybersecurity legislation must include robust privacy protections and address the very serious risks facing the nation's critical infrastructure."

Sens. Sheldon Whitehouse (D-R.I.) and Jon Kyl (R-Ariz.) are working to find a middle ground on cybersecurity. They circulated a draft bill on Capitol Hill this month that would pressure, but not force, critical infrastructure companies to meet security standards.

Rockefeller, one of the primary co-sponsors of the Lieberman-Collins bill, said the compromise proposal is an "incredible set of suggestions" that avoids the "fear of mandates."

He said he can think of at least five Republicans who will support the compromise proposal.

But the GOP aide said some Republicans have "strong concerns with preliminary proposals" from Whitehouse and Kyl.

Although nearly everyone on Capitol Hill would like to see Congress pass some kind of cybersecurity legislation this term, time is running out.

In a speech on the Senate floor earlier this month, Lieberman predicted that lawmakers' attention will soon turn to the fall's election and that the lame-duck session after the election will be consumed by budget and tax issues.

Lieberman, who is retiring at the end of the term, said if the Senate doesn't vote in July, "we're not going to be able to pass this legislation."