The Senate Intelligence Committee is expected to introduce legislation next week that would help the public and private sectors share information about cyber threats, sources tell The Hill.
A draft of the bill is now being circulated, according to multiple people, in anticipation of a markup being held in the coming weeks.
{mosads}Although the details of the bill are still being finalized, it will likely resemble the controversial Cybersecurity Information Sharing Act (CISA), which came close to passing the last Congress. Several industry groups and lobbyists said the new bill includes updated language to ameliorate some of the privacy concerns that derailed the measure last year.
Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) — the Intelligence Committee’s top two members — are likely behind the new bill, sources say.
CISA was intended to facilitate a cyber threat data exchange between private companies and intelligence agencies by giving legal liability protections to the companies that share information.
Both industry groups and government officials argue such an exchange is necessary to prop up the country’s faltering cyber defenses.
“There’s only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners,” President Obama said at a White House cybersecurity summit last Friday.
A rash of high-profile breaches across the public and private sectors have raised pressure on lawmakers to pass legislation enabling data sharing.
But privacy advocates worry the National Security Agency (NSA) might abuse sensitive data obtained under such an arrangement. They have insisted on reining in NSA authority before moving on a CISA-type bill.
When the Senate was unable to move forward with an NSA reform bill in November, CISA was largely considered dead.
The cyber bill’s 2015 iteration is sure to generate a new round of controversy, despite its enhanced privacy provisions.
Lawmakers face a looming June 1 deadline to reauthorize sections of the Patriot Act that authorize the NSA’s most controversial surveillance programs. Several senators are expected to use the deadline as leverage to try and curb the NSA’s authority.
The outcome of that debate could make or break the Intelligence committee’s cyber bill.
The measure will face other hurdles as well.
The White House has been making a big push to put the Department of Homeland Security (DHS), not the intelligence community, at the center of the public-privacy cyber data exchange program. The move is a nod to privacy advocates, who would prefer a civilian agency like the DHS at the head of the government’s information-sharing efforts.
The administration released its own legislative proposal in January, and Obama last week signed an executive order to make the offering more attractive to lawmakers.
Sen. Tom Carper (D-Del.), ranking member on the Senate Homeland Security and Governmental Affairs Committee, has already introduced a bill that closely mirrors the White House proposal.
The committee’s chairman, Sen. Ron Johnson (R-Wis.), has said he wants to wait and see the Intelligence committee’s bill before moving forward with anything in his committee.
The dual path approach has left many wondering whether a final info-sharing bill will be some combination of the two measures or if one will win out over the other.
The Intelligence Committee bill and markup could help provide some answers.