A bill approved earlier this year by the Senate Intelligence Committee that would enable increased sharing of cyber threat data between the public and private sectors may be considered as part of the Senate’s version of its FY ’16 National Defense Authorization Act (NDAA).
During discussion and debate on the NDAA on Wednesday, Sen. John McCain (R-Ariz.), chairman of the Armed Services Committee, agreed to modify one of his amendments to the bill to include the Cybersecurity Information Act (CISA) of 2015, which passed the Intelligence Committee by a 14-1 margin.
McCain’s amendment, which would require criminal history background checks of childcare workers, accepted an amendment offered by Sen. Richard Burr (R-N.C.) as a second degree amendment. Burr, who is chairman of the Intelligence Committee, offered his amendment, which is the CISA bill.
While the CISA bill enjoyed wide bipartisan support within the Intelligence Committee—only Sen. Ron Wyden (D-Ore.) voted against it, largely on the grounds that it doesn’t do enough to protect individual privacy rights—the top Democrat on the panel Sen. Dianne Feinstein (D-Calif.) opposes consideration of the cyber bill as an amendment to the defense bill.
Feinstein, who helped author CISA, said on the Senate floor that filing the cyber legislation as an amendment as part of the defense bill raised concern among Republicans and Democrats who want to debate the legislation and offer their amendments in an attempt to modify it.
“I very much hope that the Majority Leader will reconsider this path and that once we have finished with the defense authorization bill, the Senate can take up, consider and hopefully approve the cyber security legislation,” Feinstein said. Without the cyber bill being considered separately, she warned that “we won’t have a bipartisan vote,” adding that “this is not an easy bill to draft because there are conflicts on both sides.”
The CISA bill, among other things, would provide liability protection for companies monitoring networks and sharing information on cyber threats. It would also make the Department of Homeland Security the primary federal portal for accepting cyber threat indicators and direct increased sharing of classified and unclassified cyber threat data with the private sector.
Privacy protections in the bill include ensuring that sharing by the private sector is voluntary and limiting the use of cyber threat indicators to specific purposes, including preventing cyber threats and crimes.
Mark Jaycox, a legislative expert on cyber issues with the Electronic Frontier Foundation, told Defense Daily via email that any “complex” cyber security legislation needs to be debated. He said Senate Majority Leader Mitch McConnell (R-Ky.) had committed to debating and amending cyber legislation but “Yet again, we see him turning his back on his word when it comes to Senate process.”
Jaycox also said that the cyber hack that of the Office of Personnel Management that was disclosed last week would not have been prevented by the sharing of information about cyber threats.