Senators Prepping Cybersecurity Bills for Introduction
The top Democrats on the Senate Commerce, Intelligence, and Homeland Security committees are working behind the scenes to craft cybersecurity legislation aimed at shoring up President Barack Obama’s cybersecurity executive order, they said in interviews last week. Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., appears to be leading the charge with a narrowly focused bill aimed at making the National Institute of Standards and Technology (NIST) the lead agency in developing cybersecurity guidelines for U.S. businesses. The Commerce Committee plans a hearing to examine NIST’s role in increasing private sector cybersecurity protections on Thursday, at 2:30 p.m. in 253 Russell. Witnesses haven’t been announced.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Earlier this month Rockefeller and Commerce Ranking Member John Thune, R-S.D., circulated a draft cybersecurity bill aimed at codifying NIST’s role in developing a voluntary set of cybersecurity guidelines and best practices for owners and operators of the nation’s critical infrastructure systems (WID July 12 p1). Rockefeller told us in an interview last week he was optimistic the committee would be able to advance cybersecurity legislation in a bipartisan manner. “John Thune and his staff have done a terrific job, and so he is on … board on that,” said Rockefeller. “That doesn’t mean he likes everything, nor do I, but I think we will put it out for people to look at.” NIST has been working with owners and operators of critical infrastructure systems since February to develop a voluntary cybersecurity framework as part of Obama’s cybersecurity executive order. NIST plans to release a preliminary version of the framework in October.
Rockefeller said he’s working in coordination with Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., and Homeland Security and Governmental Affairs Committee Chairman Tom Carper, D-Del. “Dianne and Carper and I agree that we won’t do anything without telling each other,” said Rockefeller. “It is a good path right now. Businesses are moving a little bit more towards it.” Carper was not available for comment.
Feinstein told us she and Ranking Member Saxby Chambliss, R-Ga., are “somewhat close” to introducing a cybersecurity bill to increase cyberthreat information sharing between the government and the private sector. “Senator Chambliss and I have been negotiating this through several bills and we are just preparing a bill to show him, in which he has played a major role,” she said last week. Feinstein said she doesn’t believe the coming legislation “necessarily tracks” with the House-passed Cyber Intelligence Sharing and Protection Act (CISPA) (HR-624). “But we have a very good relationship with the chairman and the vice chairman in the House [Intelligence Committee] and I think in the interest of getting something done we may have an opportunity to work something out with them.” Earlier this year the House passed CISPA, which aims to increase cyberthreat information sharing between the public and private sectors, something which cybersecurity experts say is needed to protect U.S. networks from attacks. HR-624 is a modified version of the information sharing legislation that passed the House last year (HR-3523) but failed to achieve a vote in the Senate.
Rockefeller threw cold water on the House information sharing bill and said in the interview the push to grant businesses liability protection for sharing cyberthreat information “is a little bit less of an issue than it used to be.” “Once people realize that if [telecom companies] have complete liability [protection] it means the taxpayer would be paying for every suit and that means there would be ten thousand suits a week.” Rockefeller said he favors the privacy structure offered by the Foreign Intelligence Surveillance Act agreement, the FISA court “and the layers we built into there for protection. … Some people want the whole thing to reside with Verizon and AT&T. It’s a terrible mistake -- they have all these third-party people who pick out data they want and use it to sell stuff and mail you stuff or whatever and sometimes add stuff onto your bill.” Rockefeller previously described CISPA as a “very watered-down, weak, sort of useless bill” and said it would be better to send Senate cybersecurity legislation to the House to vote on.
Sen. John McCain, R-Ariz., one of the primary critics of the Democrats’ comprehensive cybersecurity bill in the last Congress, told us in an interview last week he’s “going to continue the negotiations” on cybersecurity legislation. “In fact, we're meeting together again sometime soon,” he said. McCain did not say who he was planning to meet with about cybersecurity legislation, but said it would likely occur after the August recess. McCain helped sink the Cybersecurity Act of 2012 (S-3414) because Senate Republicans opposed a provision aimed at encouraging cybersecurity requirements for businesses.