Lawmakers are punting on a cyber sharing bill, leaving the controversial issue to the new Congress even as experts warn that the nation's critical infrastructure remains exposed to attacks.
In their final week, lawmakers trumpeted the passage of five cyber bills, a tidal wave of activity given Congress's recent track record on cyber issues.
But the bills mostly codified existing cyber roles within various agencies or expanded the government’s ability to hire and train a cyber workforce. The White House has indicated it will sign the bills into law.
Absent from the lame duck cyber push was a key measure business and lawmakers have been pushing for several years — a bill to enable cyber information sharing between intelligence agencies and the private sector. Advocates believe such a bill is necessary to prevent a crippling cyberattack.
The new bills are “not going to get at our ability to stop bad guys from doing bad things,” outgoing House Intelligence Chairman Mike RogersMichael (Mike) Dennis RogersHouse passes sweeping defense policy bill After messy Afghanistan withdrawal, questions remain Congress should control its appetite for legacy programs when increasing defense budget MORE (R-Mich.) told reporters on Friday.
“But it starts building a foundation of training and getting awareness of the problem,” he added.
“All very good first bites of the apple,” said Josh Magri, regulatory counsel for the Financial Services Roundtable (FSR), a major finance industry trade group that is pushing for cybersecurity legislation.
“It’s a long way from allowing private networks to protect themselves,” Rogers cautioned, however.
The fallout from leaker Edward Snowden’s revelations of mass surveillance programs forced lawmakers to move at a different pace, Sen. Tom CarperThomas (Tom) Richard CarperOvernight Energy & Environment — Presented by the League of Conservation Voters — EPA finalizing rule cutting HFCs EPA finalizes rule cutting use of potent greenhouse gas used in refrigeration The Hill's Morning Report - Presented by AT&T - US speeds evacuations as thousands of Americans remain in Afghanistan MORE (D-Del.) told The Hill in an interview.
“Rather than moving a silver bullet, one silver bullet, we decided to move a number of silver BBs,” said Carper, who sponsored most of the cyber legislation that passed this week.
This week’s measures “are nice sized BBs,” added Carper, who chairs the Senate Homeland Security and Governmental Affairs Committee.
“Information sharing is a bigger BB.”
Industry groups, intelligence officials and many lawmakers vigorously argue the country’s critical infrastructure will remain at risk until the private and public sector can fully exchange information with the National Security Agency (NSA) about malicious malware and potential cyberattacks.
But companies fear the government might disclose their security flaws, subjecting them to shareholder lawsuits. They want an information sharing bill to provide the necessary legal protections.
Stakeholders are split on whether the 2014 cyber bills improve the 2015 odds for an information sharing bill.
“I would argue these actions pave the way for a more comprehensive approach to cybersecurity in the 114th Congress,” including information sharing, said Norma Krayem, a lobbyist with Squire Patton Boggs who co-chairs the firm’s cybersecurity industry group.
But some lawmakers are not more optimistic.
“We’ll have the same hurdles next year,” cautioned Rogers, who is retiring. “Maybe that helps,” he added, laughing.
Rogers authored the House information sharing bill, the Cyber Intelligence Sharing and Protection Act (CISPA). Privacy advocates have been wary CISPA might give the NSA the ability to collect more personal information on Americans.
“We’ve addressed a lot of the privacy issues,” House Intelligence ranking member Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerHouse lawmakers roll out bill to invest 0 million in state and local cybersecurity House approves cyber funds in relief package as officials press for more Maryland lawmakers ask Biden to honor Capital Gazette shooting victims with Presidential Medal of Freedom MORE (D-Md.), CISPA’s co-sponsor, told The Hill.
Senate Intelligence Committee head Dianne FeinsteinDianne Emiel FeinsteinFederal watchdog calls on Congress, Energy Dept. to overhaul nuclear waste storage process Senate advances Biden consumer bureau pick after panel logjam Republicans caught in California's recall trap MORE (D-Calif.), who sponsored the Senate’s version of CISPA, had promised a new lame-duck draft with enhanced privacy provisions. But a public draft never came to fruition.
Opponents in and out of Congress have also insisted lawmakers must move first on a bill to curb the NSA’s surveillance authority.
“Some people voted against our intelligence bill [CISPA] just because it’s intelligence, but that’s philosophical,” Ruppersberger said. “We have to be pragmatic, too.”
Feinstein and Carper will lose their bully pulpits come 2015, as Republicans take Senate control. Both lawmakers will remain the top Democrats on their respective committees, though.
“Dianne Feinstein, she’s not going anywhere,” Carper insisted. “I’m not going anywhere.”
Ruppersberger has also said he wants to remain the top Democrat on House Intelligence.
“Every incoming chairman has been clear that cybersecurity is on the front burner in the 114th Congress,” Krayem said.
“We’ll come back [on cyber], I hope, early next year,” Carper said.
We've "got to,” Ruppersberger added.