Democrats and industry groups are worried that congressional leaders could endanger the passage of several broadly supported cybersecurity measures by attaching a controversial data-breach notification bill.
Starting next week, Congress will vote on three bills that would give companies liability protection when sharing cyber threat data with the government.
Separately, lawmakers are considering legislation that would set nationwide data security standards and require companies to notify customers after a hack.
“I would be concerned if the measures were tied together in a way that slowed down the progress of cyber,” House Intelligence Committee ranking member Adam SchiffAdam Bennett SchiffOvernight Hillicon Valley — Hacking goes global Schiff calls on Amazon, Facebook to address spread of vaccine misinformation Spotlight turns to GOP's McCarthy in Jan. 6 probe MORE (D-Calif.), a co-sponsor of one threat-sharing bill, told The Hill. Schiff added he hasn’t heard that that will happen.
But the prospect of intertwining the measures has generated unease in markups this week and spurred industry groups to caution congressional leaders against any such move.
“I am very concerned,” said Rep. Frank Pallone Jr. (D-N.J.), the House Energy and Commerce Committee’s ranking member, during a Wednesday markup of one of several data-breach bills.
“I think that to just put this in with other bills ... I think we’re just moving too quickly,” he added. “I would like to see the process slowed down.”
Next week is “cyber week” on the Hill. The House is expected to vote on its two cyber threat data-sharing measures. The Senate will likely follow soon after with a vote on its companion bill.
The goal of the legislation is to boost the nation’s cyber defenses by providing the government and private businesses a pathway for sharing data to get a better idea of hackers’ tactics.
The measures have growing bipartisan support.
Several skeptical Democrats have come on board in recent months. Even the White House, which issued a veto threat for a House threat-sharing offering last year, now seems mostly satisfied with the new language.
Industry groups have also heavily lobbied for such a measure.
Meanwhile, House and Senate lawmakers have been discussing several data breach bills. The measures — at least four in total — are quite similar.
While each has a degree of bipartisan support, the two parties have become increasingly divided over when the approved bill should preempt existing state law.
Democrats fear it could create national data security guidelines weaker than long-standing state law. Republicans are wary of an overly invasive federal standard set by the Federal Trade Commission.
The rift was on display at Wednesday’s markup.
Democrats unexpectedly pulled their support for the bill, including the measure's co-sponsor, Rep. Peter WelchPeter Francis WelchFailed drug vote points to bigger challenges for Democrats Shakespeare gets a congressional hearing in this year's 'Will on the Hill' Democrats debate shape of new Jan. 6 probe MORE (D-Vt.).
The bill, initially backed by Welch and Rep. Marsha BlackburnMarsha BlackburnWarren, Daines introduce bill honoring 13 killed in Kabul attack Overnight Hillicon Valley — Scrutiny over Instagram's impact on teens US gymnasts offer scathing assessment of FBI MORE (R-Tenn.), passed along party lines.
Later that day, Welch told reporters he believed a few tweaks to the bill could get Democrats, including him, back on board.
But they won’t have much time to resolve the differences because the House’s two cyber threat data-sharing bills seem guaranteed to hit the floor next week
The bills are also likely to pass, making them an attractive vehicle to carry the less-supported data-breach language, according to lobbyists and former staffers.
House Intelligence Committee leaders acknowledge data breach legislation could be a wild card for their bill on the House floor.
“We’re not sure how that’s going to work into this mix,” Chairman Devin Nunes (R-Calif.) has told reporters.
On the Senate side, the Intelligence Committee has a companion cyber information-sharing bill that Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellTrump seeking challenger to McConnell as Senate GOP leader: report Budget chairman: Debt ceiling fight 'a ridiculous position to be in' Buckle up for more Trump, courtesy of the Democratic Party MORE (R-Ky.) said will soon come to the floor.
Industry groups are warning senators against adding any data breach language to the bill, known as the Cybersecurity Information Sharing Act (CISA).
The U.S. Chamber of Commerce wrote Senate leaders on Tuesday, arguing such a move “would weaken or overly complicate this important bipartisan bill.”
Data breach notification guidelines and data security standards “are best addressed in other contexts,” the Chamber said.
Sen. Bill NelsonClarence (Bill) William NelsonHow will Biden's Afghanistan debacle impact NASA's Artemis return to the moon? Biden to talk Russia, anti-corruption with Ukraine's president Blue Origin's Jeff Bezos wages lawfare on NASA and SpaceX MORE (Fla.), the Senate Commerce Committee’s top Democrat, is backing one of the upper chamber’s data breach bills.
He told The Hill he’s trying to find a way to move his bill, but he has no plans as of now to offer it as an amendment to CISA.
“I’m gonna talk to [Commerce Committee Chairman] John ThuneJohn Randolph ThuneSenate parliamentarian nixes Democrats' immigration plan Manchin keeps Washington guessing on what he wants Manchin-McConnell meet amid new voting rights push MORE [R-S.D.], because it’s not controversial,” he said. “We’ll find a vehicle.”
Sen. Tom CarperThomas (Tom) Richard CarperThe Hill's Morning Report - Presented by AT&T - US speeds evacuations as thousands of Americans remain in Afghanistan Biden finds few Capitol Hill allies amid Afghanistan backlash Trains matter to America MORE (D-Del.), an active lawmaker on cyber issues, is also sponsoring a bipartisan measure that mirror’s Nelson’s bill.
He told The Hill he would like to see a Commerce Committee hearing before any decisions are made about how to move forward.
A hearing would give ”folks who are knowledgeable on this issue — whether they like our bill or [Nelson’s] bill — an opportunity to say why and offer elements of whichever bill they want to champion, and probably shape an even better piece of legislation,” Carper said.