Cybersecurity

‘We’re close’ on cyber bill, says Intel chairman

The final text of the Senate Intelligence Committee’s major cybersecurity bill could be released Monday night or Tuesday morning, Committee Chairman Richard Burr (R-N.C.) told The Hill.

“We’re real close,” he said off the Senate floor.

The Cybersecurity Information Sharing Act (CISA) would give legal liability protections to private firms sharing cyber threat data with the government. It advanced out of committee on Thursday by a 14-1 vote.

{mosads}The bill, intended to help companies stem the rising tide of cyberattacks, has been a top priority for industry groups and many lawmakers on both sides of the aisle.

Privacy advocates are anxious to see if Burr and ranking Democrat Dianne Feinstein (Calif.) followed through on a promise to address many of the privacy concerns raised by a CISA discussion draft.

“I’ve made it very clear,” Sen. Patrick Leahy (D-Vt.) told The Hill on Monday. “If my concerns are not answered, then I’m going to have to vote against it.”

The Intel panel adopted at least parts of 12 privacy-focused amendments during the bill’s markup.

“We have bent over backwards to provide those things in the bill that we thought were meaningful and important” to privacy advocates, Feinstein told reporters after the vote.

In recent weeks, Feinstein worked closely with Leahy and Sen. Tom Carper (D-Del.), who both expressed reservations to the committee about CISA’s privacy provisions.

At the heart of debate is how companies should share cyber data with the government. Privacy advocates are concerned about the intelligence community — and the National Security Agency (NSA) in particular — using the greater flow of data to collect more sensitive information on Americans.

Both Leahy and Carper took a wait-and-see approach on Monday. Neither have seen the final text, they said.

“They have incorporated some of those changes,” Carper told The Hill. “I’ll take a look to see what else we think needs to be done.”

Feinstein and Burr said they’ve addressed many of Leahy and Carper’s worries in CISA’s final language.

Notably, CISA will not allow electronic, real-timesharing with intelligence agencies. Instead, companies will be heavily incentivized to go through the Department of Homeland Security (DHS), a civilian agency seen as having better privacy oversight.

Carper, the top Democrat on the Senate Homeland Security and Governmental Affairs Committee, is backing his own cyber info-sharing bill that would put the DHS at the center of nearly all public-private cyber data exchanges.

“We’re grateful for their interesting in taking up our ideas,” Carper told The Hill on Monday.

Carper mentioned that CISA was DHS-centric enough that if it had been introduced “as a standalone bill, it would be assigned” to his committee.

Leahy cautioned that CISA will have to win over privacy advocates in the Senate in order to pass. The Intelligence Committee is pushing to get a floor vote on the bill by mid-April.

“I think there’s a bipartisan coalition for more privacy,” said Leahy, the Judiciary Committee’s ranking member. “Senator Feinstein has been very good at keeping in touch with us and we’ll see.”