Senate Cybersecurity Vote in June Despite Concerns Over Privacy, Overregulation
Senate Majority Leader Harry Reid, D-Nev., plans to bring a cybersecurity bill to the Senate floor in June, setting up a pivotal vote in Congress’s attempt to secure the nation’s cyberassets from attack. But the path forward is unclear as lawmakers strive to resolve major differences over two of the Senate’s leading cybersecurity bills, the Cybersecurity Act (S-2105) and the SECURE IT Act (S-2151).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Negotiations are still under way on what the final Senate cybersecurity bill will look like but a vote is indeed coming, said Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., after the caucus luncheons Tuesday. A Reid spokesman said that the majority leader “hopes” to bring a cybersecurity bill to the Senate floor during the “next work period,” which begins on June 4.
"The sponsors of the two major [Senate] bills … both agree it’s important to have an information sharing provision in it,” Lieberman said. “We don’t agree on the standards provision.” The SECURE IT Act lacks any provisions or requirements to compel owners and operators of critical infrastructure to increase their cybersecurity protections. S-2105 authorizes the Homeland Security secretary to identify where private sector performance requirements are inadequate and develop new performance requirements for owners and operators of covered critical infrastructure. Lieberman is a co-sponsor of S-2105, along with Homeland Security Ranking Member Susan Collins, R-Maine, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif.
Senate Armed Services Committee Ranking Member John McCain, R-Ariz., agreed. “There are some fundamental differences philosophically on the whole issue about giving responsibility to the Department of Homeland Security, and let[ting] them write regulations is clearly something the House of Representatives has rejected,” he told us. McCain is a sponsor of the SECURE IT bill along with GOP Sens. Kay Bailey Hutchison of Texas; Chuck Grassley of Iowa; Saxby Chambliss of Georgia; Lisa Murkowski of Alaska; Dan Coats of Indiana; Ron Johnson of Wisconsin; and Richard Burr of North Carolina.
Last month the House passed four cybersecurity bills during the Republican-led “cyberweek.” Lawmakers passed HR-3523, the Cyber Intelligence Sharing and Protection Act (CISPA), by a 248-168 vote despite a veto threat from the White House stemming from the bill’s lack of privacy provisions and protections for core critical infrastructure. The bill is similar to SECURE IT because it avoids industry regulations and aims to increase information sharing between the public and private sectors (CD April 30 p1).
"The two biggest, most important parts [of S-2105] are the most controversial,” Lieberman said. “One is about information sharing and the concern about civil liberties groups and privacy groups that there is a problem with that … and the second is the standards. We know that there are a lot of private owners of critical cyberinfrastructure who are not adequately defending themselves from cyberattack which means the country is not adequately defended,” he said.
Sen. Ron Wyden, D-Ore., spoke against the privacy implications of S-2105 Tuesday and negatively compared the legislation to the Stop Online Piracy Act (SOPA) and PROTECT IP Act (PIPA), which failed to progress after privacy groups launched an online protest in December. “I draw a parallel to the question of PIPA and SOPA where again you have two important objectives,” Wyden told us: “In the case of PIPA and SOPA I don’t dispute that piracy is a problem. I'm just not prepared to undermine the integrity of the Internet in dealing with it. I also think that dealing with the very real threat of cybersecurity doesn’t mean you have to sacrifice privacy. They are not mutually exclusive goals.”
Lieberman said Wyden’s comparison was “totally unfair.” “There is no basis for that, we are working with a broad coalition of groups that have expressed concern about it to reassure them. … The information sharing section is to enable people in the private sector to share information with each other about cyberattacks and cyberdefense without fear of an antitrust action, and for them to share information with the government, [National Security Agency], DHS, so that they can help them defend themselves. … There is no intention to violate anybody’s privacy there. I kind of understand what people are imagining could happen, and we are very open to including language in our bill to reassure them as best we can that we want to protect privacy and civil liberties.”