Senate stalls on cybersecurity bill

Wrangling over amendments delays floor action on Senate cyber bill until September.

Shutterstock image.

The Senate is leaving town for its August recess without further action on a cybersecurity bill.

The Cybersecurity Information Sharing Act is the latest in what has become an annual exercise in attempting to provide a new legal framework for private companies to share information on cyber threats with government and with each other, without running afoul of privacy and antitrust statutes.

A deal to bring CISA to the floor for a cloture vote with an eye to passing the bill on Aug. 6 fell apart because of disagreements over what amendments would be subject to debate and vote. The Senate now plans to pick up cybersecurity after the recess, with Democrats allowed to introduce 11 amendments and with Republicans getting 10.

Senators lobbed more than 70 amendments, some relevant to cybersecurity and some designed with the apparent intent of delaying action on the bill.

While the measure was approved by the Senate Select Committee on Intelligence by a vote of 14-1 and has White House backing, privacy advocates are concerned that network operators won't have to obtain the consent of their customers before sharing information on alleged cyber threats with federal agencies.

White House spokesman Eric Schultz put out a statement backing the bill. "Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it," Schultz said Aug. 4.

The administration backing is notable because the Department of Homeland Security warned of privacy issues with the bill in a letter to Sen. Al Franken (D-Minn.). Those concerns were apparently addressed in recent changes to the bill by its lead backers, Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the chairman and vice chair of the Intelligence Committee.

Sen. Ron Wyden (D-Ore.), the lone no-vote on the Intelligence panel, has characterized CISA as a "surveillance bill," and he doesn't think it will work.

"I'm of the view that this bill in its present form would do little if anything to stop large, sophisticated cyberattacks like the Office of Personnel Management hack," Wyden said on the Senate floor.

Feinstein rejected that view. "We have made some 15 privacy information improvements in this bill," she said during floor debate Aug. 6, referring to a manager's amendment added to the bill to mandate that information gleaned in cybersecurity threat reports won't be used in unrelated prosecutions by law enforcement agencies. "This is not a surveillance bill," Feinstein said. "What it is meant to be is a voluntary effort that companies can enter into with some protection if they follow this law," she said.

CISA would give network operators and other private firms certain protections from antitrust and consumer privacy liabilities when they report information on cyber threats to government, or share them with each other.

"It's been referred to that we're here because OPM got hacked. No. We're here because the American people's data is in jeopardy if government doesn't help to find a way to minimize the loss," Burr said on the floor Aug. 4.

Turf issues may have played a role in the bill stalling out. The Judiciary Committee and the Homeland Security and Governmental Affairs Committee have jurisdiction over agencies and policies charged with leading the response to the cyber threat, and some panels have their own legislation on cyber teed up.

"The Homeland Security Committee is certainly free to do a bill. The Judiciary Committee is certainly free to do a bill. We happen on Intelligence ... to have been working on this for a long, long time, "Feinstein said. "This bill, I believe, has hit the mark."

If the bill passes in September, it still would have to be reconciled with a pair of bills passed by the House, one making DHS the hub of information sharing with private firms, and another authorizing the intelligence community to share known threat signatures with private companies via DHS.

Burr noted in his floor remarks that he hoped for quick passage of CISA in order to get to work conferencing the legislation.

"It's the Senate that's now holding us back," Burr said.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.