Senate stalls on cybersecurity bill

Shutterstock image.

The Senate is leaving town for its August recess without further action on a cybersecurity bill.

The Cybersecurity Information Sharing Act is the latest in what has become an annual exercise in attempting to provide a new legal framework for private companies to share information on cyber threats with government and with each other, without running afoul of privacy and antitrust statutes.

A deal to bring CISA to the floor for a cloture vote with an eye to passing the bill on Aug. 6 fell apart because of disagreements over what amendments would be subject to debate and vote. The Senate now plans to pick up cybersecurity after the recess, with Democrats allowed to introduce 11 amendments and with Republicans getting 10.

Senators lobbed more than 70 amendments, some relevant to cybersecurity and some designed with the apparent intent of delaying action on the bill.

While the measure was approved by the Senate Select Committee on Intelligence by a vote of 14-1 and has White House backing, privacy advocates are concerned that network operators won't have to obtain the consent of their customers before sharing information on alleged cyber threats with federal agencies.

White House spokesman Eric Schultz put out a statement backing the bill. "Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it," Schultz said Aug. 4.

The administration backing is notable because the Department of Homeland Security warned of privacy issues with the bill in a letter to Sen. Al Franken (D-Minn.). Those concerns were apparently addressed in recent changes to the bill by its lead backers, Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and vice chair of the Intelligence Committee.

Sen. Ron Wyden (D-Ore.), the lone no-vote on the Intelligence panel, has characterized CISA as a "surveillance bill," and he doesn't think it will work.

"I'm of the view that this bill in its present form would do little if anything to stop large, sophisticated cyberattacks like the Office of Personnel Management hack," Wyden said on the Senate floor.

Feinstein rejected that view. "We have made some 15 privacy information improvements in this bill," she said during floor debate Aug. 6, referring to a manager's amendment added to the bill to mandate that information gleaned in cybersecurity threat reports won't be used in unrelated prosecutions by law enforcement agencies. "This is not a surveillance bill," Feinstein said. "What it is meant to be is a voluntary effort that companies can enter into with some protection if they follow this law," she said.

CISA would give network operators and other private firms certain protections from antitrust and consumer privacy liabilities when they report information on cyber threats to government, or share them with each other.

"It's been referred to that we're here because OPM got hacked. No. We're here because the American people's data is in jeopardy if government doesn't help to find a way to minimize the loss," Burr said on the floor Aug. 4.

Turf issues may have played a role in the bill stalling out. The Judiciary Committee and the Homeland Security and Governmental Affairs Committee have jurisdiction over agencies and policies charged with leading the response to the cyber threat, and some panels have their own legislation on cyber teed up.

"The Homeland Security Committee is certainly free to do a bill. The Judiciary Committee is certainly free to do a bill. We happen on Intelligence ... to have been working on this for a long, long time, "Feinstein said. "This bill, I believe, has hit the mark."

If the bill passes in September, it still would have to be reconciled with a pair of bills passed by the House, one making DHS the hub of information sharing with private firms, and another authorizing the intelligence community to share known threat signatures with private companies via DHS.

Burr noted in his floor remarks that he hoped for quick passage of CISA in order to get to work conferencing the legislation.

"It's the Senate that's now holding us back," Burr said.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.