By Jennifer Martinez - 04/20/13 05:39 PM EDT
The ball is now in the Senate's court to pass legislation aimed at bolstering the nation's defenses against cyberattacks.
But the Senate isn't as far along on legislation as it was last Congress and has opted to press the re-set button on its cybersecurity efforts after it struggled to pass a comprehensive bill twice last year. The Senate Homeland Security, Commerce and Intelligence Committees are each drafting their own proposals that will go through regular order, according to a Senate aide.
Another issue at play for the Senate is the administration’s implementation of the cybersecurity executive order that President Obama signed earlier this year. The success of its implementation could affect what kind of proposal comes out of the Senate and whether that body intends to put forward one large bill or move a set of smaller ones, observers say.
Once more, a cybersecurity bill reaching the president’s desk hinges on whether the Senate can reach an agreement on legislation.
“In a lot of ways, this is sort of a re-run from last year,” said Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies. “The only thing different is the Senate doesn't have a proposal…and we've got the executive order floating around, so those are the things that could change the calculations.”
“The senators have to decide, do they want to go for a big bill again, a package or do they want to break it into parts?” he added.
At this point, it’s unclear which path the Senate will choose. But Senate Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) said in a statement that he looks forward to crafting “bipartisan, comprehensive legislation” that complements the president’s cyber order and “addresses the concerns surrounding information-sharing.”
There’s a chance that the Senate may move a cybersecurity information-sharing measure separately, which would complement the Cyber Intelligence Sharing and Protection Act, or CISPA, that passed the House in a 288-127 vote this week. Senate Commerce Chairman Jay Rockefeller (D-W.Va.) said moving such a measure separately is a possibility that members are currently discussing, but noted that no decisions have been made yet.
“Whatever we can get going on that, we have to get going,” Rockefeller said.
The measure would be aimed at making it easier for companies and the government to share data about malicious source code and other cyber threats with each other in real time, so firms can thwart cyberattacks against their computer systems faster.
Sen. Saxby Chambliss (R-Ga.), the ranking member of the Senate Intelligence Committee, said he is working on an information-sharing measure with the Intelligence panel’s chairman Sen. Dianne Feinstein (D-Calif.).
“We're not there yet, but we're working towards a bill of our own on information-sharing,” Chambliss said.
He said it hasn’t been decided whether the measure would be wrapped into a large, comprehensive bill or move forward separately.
“That's somebody else's call," Chambliss said. "We're just trying to do what we think the intelligence community's piece would be."
Still, the Georgia Republican added that he feels “very strongly about the information-sharing piece, that it needs to be done irrespective of the other pieces.”
Last year, Feinstein developed the cybersecurity information-sharing section of the comprehensive bill that failed in the Senate, the Cybersecurity Act of 2012. Chambliss, on the other hand, was a co-sponsor of a rival cybersecurity bill, the Secure IT Act, which largely focused on improving information-sharing efforts between government and industry about cyber threats.
The Cybersecurity Act failed to pass the Senate twice after GOP members blocked its passage over concern that it would apply new regulations on businesses.
Privacy advocates lauded the privacy safeguards included in the Cybersecurity Act to keep people’s personal information from being funneled to the government. However, they argued the Secure IT Act lacked sufficient protections for people’s information online.
When it comes to passing a bill in the Senate, Lewis contends that moving Feinstein’s information-sharing measure “would be the best chance they have getting something with the [phrase] cybersecurity bill passed this year, so that might be attractive to them.”
“The benefit of doing it that way is it gives time to see how the executive order plays out,” he said. “It's hard to write a big package bill without knowing how the executive order will look like, and how it will end up working out.”
Moving a measure similar to Feinstein’s proposal last year would likely receive support from privacy advocates, who fiercely opposed CISPA.
“The Senate bill last year addressed most of the major issues that civil liberties groups raised with CISPA, so I think the Senate bill will start in a much better place than did CISPA,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology (CDT).
As the cybersecurity battle shifts to the Senate, Nojeim said CDT plans to push for lawmakers to preserve the privacy protections that were in the Senate bill last year, as well as press them to remove provisions that would give companies the authority to use certain countermeasures to combat cyberattacks.
The sponsors of CISPA are eager for the Senate to wrap up its work on legislation so the two chambers to get to conference and on their way to sending a cybersecurity bill to the president’s desk. CISPA easily passed the House on a bipartisan vote Thursday, defying a White House veto threat against the bill.
“With such strong bipartisan support for CISPA, we are optimistic that the Senate will regard our win as a signal to pass a strong information-sharing cyber bill, so that the cyber legislation that this country needs finally can be signed into law,” Rep. Dutch Ruppersberger (D-Md.), ranking member of the House Intelligence Committee, said in a statement. “I look forward to working with the Senate on this important issue.”
Rep. Adam Schiff (D-Calif.), a member of the House Intelligence Committee that opposed CISPA, said he expects the Senate to address the outstanding privacy concerns that were not resolved in the House bill.
“Hopefully we can get a sufficiently improved bill that the Senate can come together on,” Schiff said. “I can't imagine the Senate sending the White House a bill that isn't much improved from the House bill.”