The top House Intelligence Committee members are holding out hope for a lame-duck passage of a bill the allow the National Security Agency (NSA) and private sector to exchange cyber threat information.
Without a bill, “it’s like being able to see Hurricane Sandy heading up the East Coast, but not being able to warn anyone that it’s coming,” said Rep. Dutch Ruppersberger (D-Md.) , the committee’s ranking member, during a hearing Thursday.
Ruppersberger and Chairman Mike Rogers (R-Mich.) brought NSA Director Michael Rogers before the committee to make a final plea in the lame-duck for lawmakers to pass a cyber information-sharing bill before the year is out.
“I’m hoping this hearing can help focus members’ attention,” Rep. Rogers said.
“We need a legal framework that enables us to rapidly share information,” the NSA director said.
The Senate is currently considering a bill, the Cybersecurity Information Sharing Act (CISA), that would create protections for companies wanting to exchange cyber information with the NSA.
It’s the upper chamber’s version of Rogers’s House-passed bill.
Industry and intelligence officials believe the measure is necessary to properly understand and thwart the growing number of cyberattacks. Without legal protections, the private sector is concerned about penalties and lawsuits for disclosing its cyber information.
Privacy advocates remain wary about the bill’s lack of prohibitions on collecting personal data.
“How can we assure Americans that their personal information is not being read or collected or used by the NSA?” Rep. Rogers asked the NSA chief.
“This is about computer network defense, not about intelligence,” NSA’s Rogers replied.
Collecting personal data would introduce legal restrictions “that will slow us down,” he added. “That would be a negative for us.”
What’s more, the NSA doesn’t want or have access to private sector networks, the director assured lawmakers.
Chairman Rogers jumped on that point.
“I think that is so important,” he said. “I think people believe the NSA is on their private-sector networks.”
Those answers have not been satisfactory for privacy groups, who want restrictions on the collection of personal data built into the bill and not simply promised by government officials.
Regardless, both the bill’s supporters and detractors mostly agree CISA has little to no chance in the lame-duck session without a bill first to reform the NSA’s surveillance activities.
For them, the Senate vote Tuesday to not advance an NSA reform bill sealed the fate of CISA in this Congress.
Rogers and Ruppersberger were adamant a cyber information-sharing bill should still move.
Leaders from both chamber’s Intelligence committees have been meeting regularly, Ruppersberger said.
They’re “so close to an agreement that protects privacy and our economy and our national security,” Rep. Rogers added.
Inaction will leave the country exposed, Ruppersberger cautioned.
“The threat is not going to wait.”