Congress

Feinstein, Chambliss: We can pass a cyber bill during lame duck

Sens. Saxby Chambliss (R-Ga.) and Dianne Feinstein (D-Calif.) claim their cyber legislation has a solid chance of passing during the lame duck session.

The Senate Intelligence Committee's top Democrat and Republican made an eleventh-hour pitch for Congress to pass their cybersecurity information-sharing bill during next month's lame-duck session.

Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.) told an Oct. 28 conference hosted by the U.S. Chamber of Commerce that their cybersecurity bill has a good chance of passing in the lame duck because compliance with the bill would be voluntary and not mandatory. Differing opinions on the proper approach to public-private information-sharing have killed several previous cyber bills in 2012 and 2013.

Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, has said he is ready to convene a conference committee with the Senate during the lame-duck session to work out a final version. The House passed its cybersecurity bill, which the White House threatened to veto, in April 2013.

Chambliss has said the quartet of Intelligence Committee leaders (which includes Maryland Democratic Rep. Dutch Ruppersberger) have collaborated more closely than previous groups. And Chambliss and Rogers are retiring at the end of this term, lending urgency to the effort. But given the crowded legislative calendar, partisan gridlock and the fact that the Obama administration may, as Feinstein noted Oct. 28, prioritize surveillance reform over a cyber bill, there are plenty of ways that a cybersecurity information-sharing bill could still stall in the lame duck.

The Feinstein-Chambliss bill would authorize a centralized process at the Department of Homeland Security by which private firms could share threat information with the government without legal liability. That information would then be shared simultaneously with relevant federal agencies. The DHS secretary would have to confirm to Congress that that process is functional before it is implemented.

Supporters of the bill say the possibility of legal repercussions for firms that share confidential information with the government has undercut cybersecurity. That the bill addresses this liability issue is one reason the U.S. Chamber of Commerce supports it.

The bill also would allow firms with written consent from a federal agency to help an agency repel malware attacks and other cyber threats via "countermeasures," which are defined as techniques and technologies that help protect an information system. Mark Seward, senior director of public sector solutions marketing at Splunk, a big-data analytics firm, has said that data collected through countermeasures would provide fodder for information-sharing across the private sector, and between the private sector and government.

The Senate Intelligence Committee approved the measure by a 12-3 vote in July, but it has yet to see the Senate floor. "I think if we can get this up on the floor, I believe we can pass it," Feinstein said.

A coalition of privacy and online groups oppose the bill, arguing that it would do less to protect civil liberties than a 2012 Senate bill that failed, in part, because of opposition from the Chamber of Commerce.

Starting in mid-November, Congress will reconvene for several weeks with a crowded docket of bills and issues to consider. "I have implored [Senate Majority Leader Harry Reid] that if there is one piece of legislation that needs to be completed between now and the end of the year, this is it," Chambliss said.

Chambliss and Feinstein have sparred over previous cybersecurity legislation, and pointed to their cooperation this time around as evidence the bill is both pragmatic and passable. "We [did] not want to produce something that cannot get a vote," Feinstein said.

Yet even as Chambliss stressed the urgency of passing the bill, he said establishing a public-private mechanism for sharing cyber threats is a long-term endeavor.

"It's important that we put language in this bill that allows flexibility," he said. "This is not a short-term project from our standpoint."

Given how quickly cybersecurity technology changes, he added, "we want to make sure that 10 years from now that there's flexibility in the legislative language that allows the public sector and the private sector ... to adjust to what technology comes forward in the intervening timeframe."

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.