Corporations across a wide array of industries are lobbying hard in favor of a major cybersecurity bill, enlisting a slew of K Street firms as part of an increasingly intense push for a measure expected to reach the Senate floor as soon as this month.
The number of companies and organizations hitting Capitol Hill to discuss the Cybersecurity Information Sharing Act (CISA) has roughly tripled over the last year, according to lobbying disclosure forms for the first three months of 2015.
CISA would shield companies from legal liability when sharing cyber-threat data with the government, boosting the amount of information shared about hackers’ tactics.
Recently breached companies like JPMorgan Chase and health insurer Anthem have joined the lobbying on CISA. Companies likely to become hacking targets, such as airlines and automakers, are also ramping up efforts.
These firms are “making sure there’s a way to share data on potential threats to help identify them beforehand ... make sure there are those open lines of communications,” a health insurance official said.
And while privacy advocates vocally condemn CISA as another way to empower government surveillance, the American Civil Liberties Union has been the only major privacy group to directly lobby on the issue. The imbalance irks consumer advocates.
“Policy now is not about big ideas, it’s about big bucks,” said John Simpson, director of Consumer Watchdog's Privacy Project.
It’s up to the Senate to determine whether Congress this year passes a cyber threat-sharing bill. The House passed its two measures by wide margins and the White House has indicated it would likely sign a cybersecurity bill into law.
Lawmakers and government officials argue the measures are a national security necessity. Criminals and terrorists are already outfoxing the nation’s cyber defenses, they say, and it is only a matter of time until a destructive cyberattack takes down an electrical grid or nuclear plant, causing major damage.
Companies have their own interest in gathering more knowledge. They’re losing millions of dollars to data breaches, repairing networks after cyberattacks, rebuilding brand loyalty and buying the latest security measures only to have them fail. By some estimates, cyber crime drains the worldwide economy of more than $400 billion annually.
“When national security combines with the corporate interests, it’s a juggernaut,” said The University of North Carolina Distinguished Professor of Political Science Frank Baumgartner, who has written widely on the effects of lobbying spending.
Disclosure forms show that CISA is a lobbying priority for a wide range of companies.
A predictable group has been awash in cyberattacks for years: Insurers, credit card companies, banks, gas and oil giants and telecom companies.
But some major companies are getting into the game after suffering mammoth data breaches of their own.
Anthem and Blue Cross Blue Shield Association, two large health insurers, both became first-time CISA lobbyists this quarter after incurring two of the largest data breaches on record. Anthem’s February breach exposed 80 million Social Security numbers, while a digital attack on Blue Cross affiliate Premera revealed 11 million more.
“What you learn from experience you can share with others,” the health insurance official said.
JPMorgan Chase joined the ranks lobbying on CISA this year after last fall disclosing its own digital intrusion that compromised data on 76 million households, one of the biggest hacks in American history. The bank lobbied on cybersecurity for the first time in the closing months of 2014, lobbying records show.
Morgan Stanley also made its inaugural foray into CISA lobbying in the first quarter of 2015 amid an investigation from U.S. authorities into whether a hacker published a cache of client data online.
“In all of these cases, what has emerged is a sense of where we need to focus more of our attention is actually on the data-sharing element between the public and private sector,” the insurance official said.
Other industries are looking to K Street with the expectation that they’re about to become digital predators’ favorite prey.
More automakers are hiring lobbyists on the bill as researchers repeatedly display the fallibility of Internet-connected cars’ cyber defenses. Association of Global Automakers was a newcomer in 2015, joining the United Services Automobile Association, which has listed CISA on its forms since 2012.
The aviation industry is also joining the fight, amid increasing government warnings that hackers will soon take to the sky. Boeing and American Airlines both specifically cited CISA on their lobbying forms for the first time this year.
Last month, a government watchdog agency warned that airplane Wi-Fi systems are vulnerable to hackers. Just this week, the Federal Aviation Administration cautioned Boeing that a software bug could cause one of its 787 Dreamliner jets’ electrical systems to give out. “White hat” hackers — who attempt to break into information systems to test computer security — had previously uncovered software flaws in 787s and other jets that exposed them to digital attacks.
The increase in lobbying activity can have an effect on whether the bill ultimately passes, Baumgartner said.
“If it’s all 90 percent in the same direction, for [lawmakers] it’s a no brainer,” he said.