A House committee chairman said Congress still could pass cybersecurity legislation before year’s end, calling on lawmakers to advance a proposal to spur the government and private sector to share network-attack information.
Rep. Michael Rogers (R-Mich.), chairman of House Permanent Select Committee on Intelligence, told a panel of cyber experts last Friday they should not assume the heated debate in Congress over cybersecurity legislation is over for this session of Congress, which ends in the coming weeks.
Lawmakers clashed over how to address cyber attacks this year, with Republicans rejecting a Senate bill they view as forcing too much regulation on business. Yet Rogers and Rep. Michael McCaul (R-Texas), who will chair the House Homeland Security Subcommittee starting next year, said Congress could pass just one provision from the Senate bill that is also in House legislation they supported: legislative language making is easier for the government and private sector to share data on cyber attacks.
“So we all had a bit of consensus on the cyber-sharing piece; it was the one piece that we could all agree on that made sense,” Rogers said at a George Washington University event to launch its new Cybersecurity Initiative.
“I haven’t given up yet. We still have a couple weeks,” he said. Lawmakers may have to stay in Washington until the final days of this legislative session as they work on the so-called fiscal cliff issues of tax and spending cuts, he noted.
“We may be here late,” he said. “So, hopefully, we’ll take that opportunity to get (an agreement on cybersecurity legislation addressing) the thing that we can all, in a bipartisan way, agree on, (which) is (facilitating the sharing of) information.”
The Senate’s Cybersecurity Act of 2012, crafted by Senate Homeland Security and Government Affairs Committee Chairman Sen. Joe Lieberman (I/D-Conn.) and Ranking Member Susan Collins (R-Maine), was blocked in August and November by Republicans concerned that it would lead to unnecessary regulation on businesses, as the U.S. Chamber of Commerce argues. That legislation is intended to ensure critical-infrastructure providers better protect their networks by following voluntary threat-protection standards created by the private and public sectors.
Rogers and McCaul supported the House-passed Cyber Intelligence Sharing and Protection Act (CISPA), which requires intelligence officials to share cyber-security-threat information with the private sector. It also allows companies to share such data with the government and offers them liability protection as an incentive to do so.
The White House supports the Senate bill and has threatened to veto the House version. President Barack Obama’s administration has drafted a back-up executive order that would go around Congress and could mandate some of the provisions in the Senate bill.
However, such an order could not offer the so-called safe-harbor provision, which offers liability protection to companies to encourage them to share information on cyber attacks with the government.
“That’s something that only the Congress can do,” McCaul said last Friday. “It cannot be done by executive order. So that is why it is so incumbent that we act.”