Lawmakers seeking to reach a compromise between the House and Senate on a major cybersecurity bill are edging closer to a deal — but may not be able to complete it until next year, according to several people with knowledge of the negotiations.
House and Senate lawmakers are holding unofficial meetings to hash out differences on legislation that would encourage businesses to share more data on hackers with the government.
Several people said the two sides may soon move to an official conference to produce a compromise bill.
{mosads}“I’m pleased with where we are,” Senate Intelligence Committee Chairman Richard Burr (R-N.C.) told The Hill on Thursday. Burr is a main co-sponsor of the Cybersecurity Information Sharing Act (CISA), the upper chamber’s recently passed bill.
“We have every reason to believe that no later than the first of the year we’ll have a proposal out there that has pretty good support on both sides,” he added.
Since CISA’s passage in October, Senate staffers have been unofficially meeting with their House counterparts to try and merge each side’s offerings.
The House passed two complementary cyber measures back in April, one from the Intelligence Committee and another from the Homeland Security Committee.
A number of issues have held up the start of an official conference, including the terror attacks in Paris and Congress’s work on an intelligence authorization bill.
“We’re working through the authorization bill at the same time we’re doing CISA,” Burr said. “We can’t do them both at the same time.”
But lawmakers in the House and Senate Intelligence committees have now agreed on a conference version of the authorization bill, which the House overwhelmingly passed this week. The Senate is expected to follow suit shortly, clearing a path for CISA.
Several people involved in the negotiations confirmed that considerable progress had been made in recent weeks on the cyber bill through informal meetings.
But they cautioned that the two sides still had some contentious issues to work through, including choosing which bill’s privacy language to use.
Privacy advocates favor the text in the House Homeland Security bill. But that measure might be the odd man out in the conference, since the two Intelligence committees have similar bills that are easier to combine, several observers noted.
A CISA clause from Sen. Susan Collins (R-Maine) could be another sticking point.
Collins’ provision would require the Department of Homeland Security (DHS) to assess the cybersecurity readiness at roughly 65 companies behind the nation’s infrastructure, and develop a plan for preventing a “catastrophic” cyberattack.
Eight senators on Monday wrote the House and Senate co-sponsors of the companion cyber bills, encouraging them to include the line in the final bill and responding to a coalition of industry groups arguing the provision would create “de facto regulatory mandates.”
The passage, they said, “is not counter to the overall voluntary nature of [the cyber bill], and it does not impose new incident reporting requirements.”
Sens. Ron Wyden (D-Ore.) and Dean Heller (R-Nev.) have also both vowed to push for final language that more closely reflects a number of privacy advocate-favored amendments that fell just a few votes shy of passing on the Senate floor.