White House Threatens CISPA Veto as House Moves on Cybersecurity Bills

Rogers and Ruppersberger offered an amendment to CISPA that would make the Department of Homeland Security the lead coordinating agency for any cyberthreat information sharing between U.S. companies and other federal agencies. The provision aims to alleviate the concerns of the White House and privacy groups that previously objected to the bill, saying it would permit companies to share citizens’ data with the National Security Agency. The bill also added a “100 percent minimization” amendment that would strip any personally identifiable information from data that are shared with the federal government, said Ruppersberger. Rogers said that the bill only allows private companies and federal agencies to voluntarily share “ones and zeros."

The White House said it’s seeking additional amendments and that President Barack Obama would veto the bill if it passed Congress in its current form, according to a statement of administration policy made public Tuesday. The administration continues to be concerned that the bill “does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities,” said the White House policy statement. The administration was also concerned about the “broad scope” of the bill’s liability limitations and that cyberthreat information sharing should “enter the government through a civilian agency, the Department of Homeland Security,” said the policy statement. The White House issued a veto threat on the bill last session just prior to its passage in the House.

The White House said the bill should adhere to the following priorities: “Carefully safeguard privacy and civil liberties; preserve the long-standing, respective roles and missions of civilian and intelligence agencies; and provide for appropriate sharing with targeted liability protections.” It said Congress should “incorporate privacy and civil liberties safeguards into all aspects of cybersecurity and enact legislation that: strengthens the nation’s critical infrastructure’s cybersecurity by promoting the establishment and adoption of standards for critical infrastructure; updates laws guiding federal agency network security; gives law enforcement the tools to fight crime in the digital age; and creates a national data breach reporting requirement.”

Rogers said he was “incredibly disappointed” with the White House veto threat and told members of the House Rules Committee in a hearing Tuesday afternoon that he does “not believe the administration knows how to work with a legislative body.” The administration’s veto threat is “flabbergasting to me,” said Rogers. “Candidly, I thought this was amateur hour.” Ruppersberger said “our vote count shows that we can pass the bill at this point,” despite the administration’s veto threat. “The bottom line is that the President has to eventually sign the bill,” he said.

The House separately approved the Federal Information Security Amendments Act by a 416-0 vote. Sponsored by House Oversight Committee Chairman Darrell Issa, R-Calif., HR-1163 would amend the Federal Information Security Management Act (FISMA), require federal agencies to increase information technology security requirements, establish automated and continuous monitoring capabilities for existing systems and give the Office of Management and Budget authority to oversee federal information security policies, among other provisions. The bill will address the “shortcomings of FISMA by incorporating recent technological innovations, and enhance and strengthen the current framework that protects federal information technology systems,” Issa said Tuesday. The House passed identical legislation (HR-4257) last year by a voice vote, but the Senate didn’t take up the measure.

The Cybersecurity Enhancement Act passed 402-16. Sponsored by House Homeland Security Committee Chairman Mike McCaul, R-Texas, HR-756 aims to increase and incentivize cybersecurity research and development, and fund cybersecurity education programs, among other provisions. The bill would authorize, for three years, funding for cybersecurity research grants at the National Science Foundation, and require the development of a federal cybersecurity research and development plan. “Every agency in the federal government has been victim of cyberattacks from our adversaries and online criminals,” McCaul said. “The first step in addressing this national security challenge is to develop a strategy for bolstering our defensive capabilities.” The House passed similar legislation in 2011 and 2012 (HR-4061, HR-2096) but the Senate didn’t take up the measures.

The Advancing America’s Networking and Information Technology Research and Development Act passed 406-11. Sponsored by Rep. Cynthia Lummis, R-Wyo., HR-967 would amend the High Performance Computing Act of 1991 to modernize the Networking and Information Technology Research Development program. The bill would also implement recommendations from the President’s Council of Advisors on Science and Technology on interagency coordination of networking and information technology research and development. “Today’s vote reauthorizes an important program that provides the coordination and focus our country needs to stay competitive in this dynamic environment,” said Lummis. The House passed similar legislation last year (HR-3834) by a voice vote but the Senate didn’t take up the measure.

Senate Armed Services Committee Ranking Member John McCain, R-Ariz,. said he was tracking the House cybersecurity votes. “We have had many conversations with Chairman Rogers,” he said in an interview at the Capitol. McCain added that he and Sen. Carl Levin, D-Mich., have had “constant meetings” on a Senate cybersecurity bill. “We are still working on it, and hopefully we can come to an agreement,” said McCain.

Senate Appropriations Committee Chairman Barbara Mikulski, D-Md., said she too had been “keeping an eye” on the House’s cybersecurity effort. Senators “are getting ready to move our own [cybersecurity] endeavor,” she said in an interview at the Capitol. “It’s a top priority.” Senate Homeland Security and Governmental Affairs Committee Chairman Tom Carper, D-Del., said during a separate interview at the Capitol that he hasn’t been closely tracking the cybersecurity bills being considered by the House this week. He said work on a Senate cybersecurity bill is ongoing and he’s been encouraged by the U.S. Chamber of Commerce’s input during a meeting last week on the National Institute of Standards and Technology’s work to develop voluntary cybersecurity guidelines for companies. “One of several impediments last year to putting together a bipartisan cybersecurity bill was the reluctance of the Chamber of Commerce,” he said. Its recent input was “positive, instructive and it’s a very encouraging sign,” he said.