Senate ready to move on cybersecurity legislation, but differences remain

Senators are set to tackle legislation to protect the nation’s computer system when the upper chamber returns from its July 4th recess, but the efforts are being hampered by disagreements over the government’s role in overseeing cybersecurity standards.

Senate Majority Leader Harry (D-Nev.) has repeatedly said he believes cybersecurity legislation is critical, and he is expected to push for a vote in July.

ADVERTISEMENT

"There hasn't been a time that I've talked with [Reid] in the last year where he hasn't talked about the need to get cybersecurity to the floor," Sen. Jay RockefellerJohn (Jay) Davison RockefellerDemocrats look to scale back Biden bill to get it passed Humorless politics a sad sign of our times Bottom Line MORE (D-W.Va.) told reporters after a Senate hearing last week. "No other subject reigns so supreme."

Lawmakers of both parties worry that hackers are stealing America's business secrets and that an attack on a vital computer system could cause thousands of deaths.

But sharp differences remain. Senate Democrats are still trying to round up the necessary 60 votes to bring their preferred bill to the floor. 

The House passed its own bill, the Cyber Intelligence Sharing and Protect Act (CISPA), in April. 

President Obama has threatened to veto CISPA, saying it would undermine privacy and would fail to protect the nation's critical infrastructure.

The White House and Senate Democratic leaders have instead endorsed the Cybersecurity Act, sponsored by Sens. Joe Lieberman (I-Conn.) and Susan CollinsSusan Margaret CollinsThe Hill's Morning Report - Presented by Facebook - Biden clarifies his remarks on Russia Effort to overhaul archaic election law wins new momentum Bipartisan lawmakers announce climate adaptation bill MORE (R-Maine).

Both CISPA and Lieberman-Collins would encourage companies to share information about cyberthreats with each other and with the government. But Lieberman-Collins is seen as having stronger safeguards to protect people's private information.

For example, Lieberman-Collins would require that companies make a reasonable effort to strip out personally-identifiable information from the data they share with the government.

The bill would also give the Department of Homeland Security a lead role in handling the information-sharing, which privacy advocates prefer to military spy agencies, such at the National Security Agency. 

But privacy groups, including the American Civil Liberties Union (ACLU) and the Center for Democracy and Technology, as well as privacy-minded senators such as Sens. Ron WydenRonald (Ron) Lee WydenThese Senate seats are up for election in 2022 Democrats call on Biden administration to ease entry to US for at-risk Afghans Schumer opted for modest rules reform after pushback from moderates MORE (D-Ore.) and Al FrankenAlan (Al) Stuart FrankenMeet the Democrats' last best hope of preserving a House majority Franken rules out challenge against Gillibrand for Senate seat Franken targets senators from both parties in new comedy tour MORE (D-Minn.), are pushing for stronger privacy protections in Lieberman-Collins.

In a crucial difference from CISPA, Lieberman-Collins would require critical infrastructure, such as electrical grids and gas pipelines, to meet minimum cybersecurity standards. Supporters of the legislation say the standards are necessary to protect vital systems from attacks, but many Republicans argue that government mandates will burden businesses and do little to improve cybersecurity.

Senate Republicans, led by John McCainJohn Sidney McCainThese Senate seats are up for election in 2022 Redistricting reform key to achieving the bipartisanship Americans claim to want Kelly takes under-the-radar approach in Arizona Senate race MORE (Ariz.), Kay Bailey Hutchison (Texas) and Saxby ChamblissClarence (Saxby) Saxby ChamblissFormer Georgia Sen. Max Cleland dies at 79 Effective and profitable climate solutions are within the nation's farms and forests Live coverage: Georgia Senate runoffs MORE (Ga.), are pushing their own cybersecurity bill, the Secure IT Act.

The GOP bill is similar to CISPA in that it authorizes only voluntary information-sharing and would not set any cybersecurity mandates.

The senators introduced a revised version of Secure IT last week that, among other changes, enhances some of the bill's privacy protections.

"There are consensus items here that everyone agrees on," a Republican Senate aide told The Hill. "In a contentious election year, if we want to pass a law, we should focus on those consensus items."

But the White House and Senate Democrats argue that any cybersecurity legislation that lacks protections for critical infrastructure is inadequate.

When asked to respond to the new version of Secure IT, White House spokeswoman Caitlin Hayden said: "Cybersecurity legislation must include robust privacy protections and address the very serious risks facing the nation's critical infrastructure."

Sens. Sheldon WhitehouseSheldon WhitehouseOvernight Energy & Environment — Starting from 'scratch' on climate, spending bill Oath Keeper charges renew attention on Trump orbit Democrats call on Biden administration to ease entry to US for at-risk Afghans MORE (D-R.I.) and Jon Kyl (R-Ariz.) are working to find a middle ground on cybersecurity. They circulated a draft bill on Capitol Hill this month that would pressure, but not force, critical infrastructure companies to meet security standards.

Rockefeller, one of the primary co-sponsors of the Lieberman-Collins bill, said the compromise proposal is an "incredible set of suggestions" that avoids the "fear of mandates."

He said he can think of at least five Republicans who will support the compromise proposal.

But the GOP aide said some Republicans have "strong concerns with preliminary proposals" from Whitehouse and Kyl.

Although nearly everyone on Capitol Hill would like to see Congress pass some kind of cybersecurity legislation this term, time is running out.

In a speech on the Senate floor earlier this month, Lieberman predicted that lawmakers' attention will soon turn to the fall's election and that the lame-duck session after the election will be consumed by budget and tax issues.

Lieberman, who is retiring at the end of the term, said if the Senate doesn't vote in July, "we're not going to be able to pass this legislation."