Senate punts cyber bill after reaching deal on amendments

Senate punts cyber bill after reaching deal on amendments

Senators are punting a major cybersecurity bill to at least September after reaching an agreement Wednesday afternoon lining up the initial amendments to be offered.

The Cybersecurity Information Sharing Act (CISA), which facilitates the exchange of cyber threat information between companies and the government, is meant to help the nation prop up its faltering digital defenses.

The deal on amendments was struck just hours after it appeared negotiations might totally fall apart. Under the accord, privacy advocates will be able to offer a number of amendments without a limit on the debate time, a key provision for Senate Democrats.


Democratic Sens. Ron WydenRonald (Ron) Lee WydenBad jobs report amplifies GOP cries to end 0 benefits boost Putting a price on privacy: Ending police data purchases Overnight Health Care: Biden sets goal of at least one shot to 70 percent of adults by July 4 | White House to shift how it distributes unallocated vaccines to states MORE (Ore.), Patrick LeahyPatrick Joseph LeahySenate Democrats push Biden over raising refugee cap On The Money: Democratic scramble complicates Biden's human infrastructure plan | Progressives push on student debt relief No designated survivor chosen for Biden's joint address to Congress MORE (Vt.) and Al FrankenAlan (Al) Stuart FrankenMaher chides Democrats: We 'suck the fun out of everything' Why Caitlyn Jenner should not be dismissed #MeWho? The hypocritical silence of Kamala Harris MORE (Minn.) will get to propose four of their desired edits.

“A couple of days ago it was my fear that this bill would be brought up — it’s a badly flawed bill — and it would be brought up with no opportunity for senators on both sides of the aisle to fix the legislation,” Wyden said on the floor just after the agreement was announced.

“There is going to be a real debate,” he added. “That’s of course what the United States Senate is all about.”

Civil liberties-minded Republican Sens. Dean HellerDean Arthur HellerOn The Trail: Democrats plan to hammer Trump on Social Security, Medicare Lobbying World Democrats spend big to put Senate in play MORE and Rand PaulRandal (Rand) Howard PaulTim Scott sparks buzz in crowded field of White House hopefuls Sherrod Brown calls Rand Paul 'kind of a lunatic' for not wearing mask Overnight Health Care: WHO-backed Covax gets a boost from Moderna MORE will also get to offer one amendment each.

None of Paul's non cyber-related amendments — including a measure to limit federal funding for immigration “sanctuary cities” and an amendment to audit the Federal Reserve — will see the floor to start. Several people with knowledge of the recent negotiations said these proposed add-ons were slowing a deal.

In total, Democrats will put forward 11 amendments, while Republicans will get to offer 10. But Senate aides said the two parties could agree to allow more amendments after wrapping up the initial set. 

While CISA supporters argue enhancing cyber threat information sharing is a necessity to better understand and repel potential cyberattacks, privacy advocates believe the bill will simply funnel more sensitive data on American citizens to government intelligence agencies.

Despite bipartisan support, a White House endorsement and industry backing, Senate leaders have been unable to move CISA for months, even after catastrophic hacks at the Office of Personnel Management (OPM) left over 22 million people’s sensitive data exposed.

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellManchin, Biden huddle amid talk of breaking up T package Romney: Removing Cheney from House leadership will cost GOP election votes The Hill's 12:30 Report - Presented by Facebook - Biden reverses Trump limits on transgender protections MORE (R-Ky.) said the final pact would “set up expedited” consideration of CISA when the upper chamber returns in September.

But September is packed. Senators are facing multiple budget deadlines and a fight over the Iran nuclear deal, causing some to wonder whether lawmakers will be able to find floor time for CISA.

Senators on Wednesday said they were trying to tie the CISA amendments pact to an agreement to structure floor debate on Iran.

"We need a schedule for debate and votes on two major issues [Iran and cyber], plus we’ve got a whole September full of cliffs," Senate Armed Services Committee Chairman John McCainJohn Sidney McCainEx-McSally aide pleads guilty to stealing over 0K in campaign funds DOJ: Arizona recount could violate civil rights laws Cheney fight stokes cries of GOP double standard for women MORE (R-Ariz.) told reporters.

CISA has been stuck in the upper chamber since it cleared the Senate Intelligence Committee in March by a 14-1 vote. A jammed schedule and a toxic debate over digital privacy have sidetracked work on the measure.

Even after the House easily passed its two complementary pieces of companion legislation in April, the Senate’s measure got pulled into a bruising debate over reforming the National Security Agency (NSA) that dragged into June.

Weeks later, the OPM data breach forced Congress to shift its focus back to cybersecurity.

The cyberattacks, believed to be part of a Chinese espionage scheme, highlighted federal networks’ woefully deficient cyber defenses. Lawmakers bashed the Obama administration for sluggishly responding to years of inspector general warnings that the government’s computer systems were not safe from hackers.

In response, McConnell moved to link CISA’s language to a defense authorization bill. Democrats and a few Republicans revolted, angry they wouldn’t be allowed to amend CISA’s text, and blocked the maneuver.

With Wednesday's deal, they now have their chance.

The privacy-minded cohort, led by Wyden, is hoping to restrict the sensitive data on Americans that might be shared with the government under the bill.

Franken’s edit, for example, would narrow the definition of “cyber threat indicator,” a broad category for the data companies will pass to federal agencies.

Wyden’s first alteration would insert stricter requirements for companies to inspect and strip personal details from cyber threat data. The second would mandate a process to notify people whose personal information may have been inappropriately shared.

Heller’s desired edit would also raise the standard on companies for removing sensitive data before sharing it with the government.

“Information sharing without vigorous, robust privacy safeguards will not be considered by millions of Americans to be a cybersecurity bill,” Wyden said. “Millions of Americans will say, ‘That legislation is a surveillance bill.’”

Sen. Barbara MikulskiBarbara Ann MikulskiBottom line How the US can accelerate progress on gender equity Former Md. senator Paul Sarbanes dies at 87 MORE (D-Md.), the top Democrat on the Senate Appropriations Committee, will also get to offer her provision that would bump up the OPM’s cybersecurity funding by $37 million between now and September 2017.

From the right, Sen. Tom CottonTom Bryant CottonTim Scott sparks buzz in crowded field of White House hopefuls Opposition to refugees echoes one of America's most shameful moments White House defends CDC outreach to teachers union MORE (R-Ark.) will push a change that is likely to raise the ire of privacy advocates. Cotton is backing an amendment that would shield firms from legal culpability when sharing data directly with the FBI and Secret Service. As written, CISA only provides such protections when companies share data directly with the Department of Homeland Security (DHS).

Privacy advocates believe companies should only go through the DHS, which is seen as having the government’s best data privacy procedures.

With the battle lines hardening Wednesday, senators will now get at least a month to mull over which side they plan to fight for.

This story was updated at 6:10 p.m.