In surprise, Senate may bring up cyber bill

At least one cybersecurity bill suddenly has life in the lame-duck Congress.

House Homeland Security Committee Chairman Michael McCaulMichael Thomas McCaulHouse Republicans bash Democrats' China competition bill Congress races to strike Russia sanctions deal as tensions mount New Mexico Democrat tests positive for COVID-19 breakthrough case MORE (R-Texas) is expecting the Senate to release as early as Thursday his bill to enable private companies to share cybersecurity information with the Homeland Security Department (DHS).


The measure, which passed the House in July, could reach the floor for final passage next week, McCaul said following a Chamber of Commerce event.

“A lot of intense negotiations,” he told The Hill, laughing.

McCaul got word Wednesday night just before midnight “that there had been some movement in the Senate,” he told the audience.

The bill, the National Cybersecurity and Critical Infrastructure Protection Act, would codify the DHS’s cybersecurity role and officially authorize the agency’s existing cybersecurity center.

Government agencies would be required to notify the center of any data breaches and private entities would be given legal protections to exchange cyber threat information with it.

“This would be the most significant piece of cyber legislation that’s been passed by the United States Congress,” he said.

McCaul’s bill has been less controversial than another, higher-profile cyber information sharing effort, the Cybersecurity Information Sharing Act (CISA).

Privacy advocates have backed McCaul’s bill, but urged the White House to veto CISA if it passes the Senate.

They are concerned CISA doesn’t adequately stop the National Security Agency from compiling personal information on Americans. McCaul’s measure only deals with the DHS, not the NSA.

Privacy and civil liberties groups have been wary of any step to expand the NSA's powers following government leaker Edward Snowden's disclosure of numerous secret spy programs that collected information on Americans.

After the Senate failed to move forward on a bill to curb the NSA’s surveillance authority, CISA was widely assumed dead until 2015.

Industry groups have strongly backed cybersecurity information sharing legislation, with a focus on CISA. They believe legal protections allowing the government and private sector to exchange cyber information are necessary to protect the country’s critical infrastructure.

The Chamber of Commerce has been pestering Senate leaders in recent weeks with letters urging them to move on a bill before the year is out.