Congress has plenty on its plate right now, with infrastructure legislation, the annual defense spending authorization process and House leadership elections on the immediate horizon. Not long after that, lawmakers must turn their attention to keeping to government running (yet again).
But some are reminding us that cybersecurity legislation shouldn’t get lost in the fray.
“What’s happening, ladies and gentlemen, is that we have other countries and individuals that are simply eating our lunch,” Sen. Dianne Feinstein (D-Calif.), vice chair of the Senate Select Committee on Intelligence, said at the U.S. Chamber of Commerce’s Cybersecurity Summit on Tuesday. “We have countries that can get into a company and stay there for two or three years and drain it of its fiduciary information. We want to stop that, and this is the first step.”
That step is the Cybersecurity Information Sharing Act (CISA), which would protect businesses that share information about data breaches and other cyber threats with other companies or government leaders. Approved by the Senate Intelligence Committee by a nearly unanimous vote in June, the bill is slated to reach the Senate floor soon after lawmakers return from recess later this month.
A similar information-sharing proposal is being considered right now in the House. Though the two measures have some important differences, both would help American companies better protect against, more effectively prepare for and more quickly detect cyberattacks.
“At the end of the day, there’s no more compelling reason for us to do this than the last attack, and the one before that, and the one that’s going to happen next week, next month, and next year,” Sen. Richard Burr (R-N.C.), the committee’s chairman, told the standing-room audience gathered for the Cybersecurity Summit. “We can put American businesses in a better position to minimize the loss of data, which is the best thing we can do for American consumers and businesses.”
Still, the measures face hurdles ahead -- namely, from critics who have falsely labeled the legislation as so-called “surveillance” bills that compromise the privacy of consumer information.
“Our bill has been misportrayed, people have lied about what’s in it,” Burr told business leaders in the audience. “Make no mistake, privacy groups will do everything they can to kill this bill. But I don’t think any honest arbitrator could look at this bill and say we haven’t incorporated everything that one could put in statute to discourage any transfer of personal data.”
Moreover, Feinstein pointed out that the legislation allows -- but in no way forces -- companies to more securely share cyber threat information. In that sense, she noted, the bill is entirely “voluntary.”
“No one has to do anything if they don’t want to,” Feinstein explained. “The point of the bill is, if a company wants to share cyber threat related information with another company or with the federal government, they are covered with liability immunity.”
In an increasingly rare scenario in Washington, not only do Republicans and Democrats on the Hill widely support CISA, so too does the Obama administration.
“Information sharing legislation is a critical piece of enhancing the nation's cyber security,” Michael Daniel, special assistant to President Obama and the White House’s Cybersecurity Coordinator, said at the summit. “The government and the private sector must be able to share relevant information more quickly and in a manner that preserves and protects the privacy rights of all Americans.”
Daniel noted that the administration supports both the Senate and House measures, encouraging the Senate to approve CISA “without delay” so the two chambers can start hammering out a final bill.
“Cyber criminals are not waiting to steal our intellectual property and financial data,” he said. “Neither can Congress wait to pass this legislation.”
Despite the urgency and the bipartisan support, Burr and Feinstein expressed concerns that CISA could be slowed by the Congress’ focus on other pressing matters, like the annual defense spending bill and House leadership elections. It’s up to the business community, they said, to help keep cyber information-sharing legislation top of mind this fall in Washington.
“This next week is very important,” Feinstein told business leaders gathered at the Cybersecurity Summit, later urging them to call their representatives in Congress. “We thank you for your support and we ask you for this one last push.”