Senate punts cyber bill after reaching deal on amendments

Senate punts cyber bill after reaching deal on amendments

Senators are punting a major cybersecurity bill to at least September after reaching an agreement Wednesday afternoon lining up the initial amendments to be offered.

The Cybersecurity Information Sharing Act (CISA), which facilitates the exchange of cyber threat information between companies and the government, is meant to help the nation prop up its faltering digital defenses.

The deal on amendments was struck just hours after it appeared negotiations might totally fall apart. Under the accord, privacy advocates will be able to offer a number of amendments without a limit on the debate time, a key provision for Senate Democrats.


Democratic Sens. Ron WydenRonald (Ron) Lee WydenWyden blasts FEC Republicans for blocking probe into NRA over possible Russia donations Wyden calls for end to political ad targeting on Facebook, Google Ex-CIA chief worries campaigns falling short on cybersecurity MORE (Ore.), Patrick LeahyPatrick Joseph LeahyAppropriators warn White House against clawing back foreign aid House panel investigating decision to resume federal executions Graham moves controversial asylum bill through panel; Democrats charge he's broken the rules MORE (Vt.) and Al FrankenAlan (Al) Stuart FrankenNative American advocates question 2020 Democrats' commitment Reid says he wishes Franken would run for Senate again Al Franken urges Trump to give new speech after shootings: 'Try to make it sound like you're sincere, even if you're not' MORE (Minn.) will get to propose four of their desired edits.

“A couple of days ago it was my fear that this bill would be brought up — it’s a badly flawed bill — and it would be brought up with no opportunity for senators on both sides of the aisle to fix the legislation,” Wyden said on the floor just after the agreement was announced.

“There is going to be a real debate,” he added. “That’s of course what the United States Senate is all about.”

Civil liberties-minded Republican Sens. Dean HellerDean Arthur HellerThis week: Barr back in hot seat over Mueller report Trump suggests Heller lost reelection bid because he was 'hostile' during 2016 presidential campaign Trump picks ex-oil lobbyist David Bernhardt for Interior secretary MORE and Rand PaulRandal (Rand) Howard PaulGraham promises ObamaCare repeal if Trump, Republicans win in 2020 Conservatives buck Trump over worries of 'socialist' drug pricing Rand Paul to 'limit' August activities due to health MORE will also get to offer one amendment each.

None of Paul's non cyber-related amendments — including a measure to limit federal funding for immigration “sanctuary cities” and an amendment to audit the Federal Reserve — will see the floor to start. Several people with knowledge of the recent negotiations said these proposed add-ons were slowing a deal.

In total, Democrats will put forward 11 amendments, while Republicans will get to offer 10. But Senate aides said the two parties could agree to allow more amendments after wrapping up the initial set. 

While CISA supporters argue enhancing cyber threat information sharing is a necessity to better understand and repel potential cyberattacks, privacy advocates believe the bill will simply funnel more sensitive data on American citizens to government intelligence agencies.

Despite bipartisan support, a White House endorsement and industry backing, Senate leaders have been unable to move CISA for months, even after catastrophic hacks at the Office of Personnel Management (OPM) left over 22 million people’s sensitive data exposed.

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellAre Democrats turning Trump-like? House Democrat calls for gun control: Cities can ban plastic straws but 'we can't ban assault weapons?' Churches are arming and training congregants in response to mass shootings: report MORE (R-Ky.) said the final pact would “set up expedited” consideration of CISA when the upper chamber returns in September.

But September is packed. Senators are facing multiple budget deadlines and a fight over the Iran nuclear deal, causing some to wonder whether lawmakers will be able to find floor time for CISA.

Senators on Wednesday said they were trying to tie the CISA amendments pact to an agreement to structure floor debate on Iran.

"We need a schedule for debate and votes on two major issues [Iran and cyber], plus we’ve got a whole September full of cliffs," Senate Armed Services Committee Chairman John McCainJohn Sidney McCainThe Hill's Morning Report — Recession fears climb and markets dive — now what? Trump makes rare trip to Clinton state, hoping to win back New Hampshire Graham promises ObamaCare repeal if Trump, Republicans win in 2020 MORE (R-Ariz.) told reporters.

CISA has been stuck in the upper chamber since it cleared the Senate Intelligence Committee in March by a 14-1 vote. A jammed schedule and a toxic debate over digital privacy have sidetracked work on the measure.

Even after the House easily passed its two complementary pieces of companion legislation in April, the Senate’s measure got pulled into a bruising debate over reforming the National Security Agency (NSA) that dragged into June.

Weeks later, the OPM data breach forced Congress to shift its focus back to cybersecurity.

The cyberattacks, believed to be part of a Chinese espionage scheme, highlighted federal networks’ woefully deficient cyber defenses. Lawmakers bashed the Obama administration for sluggishly responding to years of inspector general warnings that the government’s computer systems were not safe from hackers.

In response, McConnell moved to link CISA’s language to a defense authorization bill. Democrats and a few Republicans revolted, angry they wouldn’t be allowed to amend CISA’s text, and blocked the maneuver.

With Wednesday's deal, they now have their chance.

The privacy-minded cohort, led by Wyden, is hoping to restrict the sensitive data on Americans that might be shared with the government under the bill.

Franken’s edit, for example, would narrow the definition of “cyber threat indicator,” a broad category for the data companies will pass to federal agencies.

Wyden’s first alteration would insert stricter requirements for companies to inspect and strip personal details from cyber threat data. The second would mandate a process to notify people whose personal information may have been inappropriately shared.

Heller’s desired edit would also raise the standard on companies for removing sensitive data before sharing it with the government.

“Information sharing without vigorous, robust privacy safeguards will not be considered by millions of Americans to be a cybersecurity bill,” Wyden said. “Millions of Americans will say, ‘That legislation is a surveillance bill.’”

Sen. Barbara MikulskiBarbara Ann MikulskiLobbying World Only four Dem senators have endorsed 2020 candidates Raskin embraces role as constitutional scholar MORE (D-Md.), the top Democrat on the Senate Appropriations Committee, will also get to offer her provision that would bump up the OPM’s cybersecurity funding by $37 million between now and September 2017.

From the right, Sen. Tom CottonThomas (Tom) Bryant CottonCongress must address gender gap in nominations to military service academies GOP senators press Google on reports it developed a smart speaker with Huawei Sunday shows - Mass shootings grab the spotlight MORE (R-Ark.) will push a change that is likely to raise the ire of privacy advocates. Cotton is backing an amendment that would shield firms from legal culpability when sharing data directly with the FBI and Secret Service. As written, CISA only provides such protections when companies share data directly with the Department of Homeland Security (DHS).

Privacy advocates believe companies should only go through the DHS, which is seen as having the government’s best data privacy procedures.

With the battle lines hardening Wednesday, senators will now get at least a month to mull over which side they plan to fight for.

This story was updated at 6:10 p.m.