Legislative efforts to strengthen the nation's cyber defenses are shifting to the U.S. Senate after passage of a controversial bill by the House of Representatives.
The House on Thursday passed the Cyber Intelligence Sharing and Protection Act, or CISPA, by a vote of 288 to 127, which would authorize the National Security Agency and other intelligence agencies to share information about digital threats with owners of financial networks, energy grids and other critical infrastructure.
The legislation also would shield companies that exchange information with the government and one another from legal liability that many firms say currently deters such sharing.
Senators said after the House vote on Thursday that legislation to bolster protections for critical infrastructure from cyber threats remains vital. However, the senators added they hope to hammer out an agreement on a bill that would address cyber threats while overcoming what opponents of CISPA say are the measure's shortcomings.
"Today's action in the House is important, even if CISPA's privacy protections are insufficient," Commerce Committee Chairman Jay Rockefeller, D-W.Va., said in a statement. There is too much at stake — our economic and national security — for Congress to fail to act."
Sen. Saxby Chambliss, R-Ga., the top Republican on the House Intelligence Committee, told The Hill he is working with Chairman Dianne Feinstein, D-Calif., on a bill to ease sharing of information about cyber threats but said the senators are "not there yet" on its completion.
The American Bankers Association and other business groups backed CISPA, which they say is needed to enable them to obtain timely information about cyber threats that they need to know.
Civil liberties groups charge that CISPA lacks safeguards to protect people's personal information. The White House has threatened to veto the measure, citing privacy concerns, but says it stands ready to work with Congress to pass a cybersecurity bill.
That means the legislative focus shifts to the Senate, which twice last year defeated a cybersecurity bill after business groups opposed it, citing concerns over the security of data and how companies were expected to handle security breaches.
In January, Rockefeller joined with Homeland Security Committee Chairman Tom Carper, D-Del., and Feinstein to propose a cybersecurity measure.
"I believe we can gain bipartisan agreement on bills that we can report out of our committees and allow [Majority Leader Harry Reid] to bring them to the Senate floor as early as possible," Rockefeller added.
Carper acknowledged efforts by the House to address privacy concerns in connection with CISPA, although he said he hopes to tighten privacy safeguards further in the Senate.
"My colleagues in the House have worked to address some of the concerns raised regarding CISPA — and I recognize and appreciate that effort — but there are still a number of issues that remain, particularly regarding privacy, as well as broader concerns about how to comprehensively address the cyber threat we face," Carper said in an e-mailed statement.
Carper added that the hopes "to be able to partner with my House colleagues in the coming weeks and months as we move forward with this important effort."
Critics of CISPA are turning their attention to the upper chamber too.
"We will work with Congress to make sure that the next version of information sharing legislation unequivocally resolves this issue, as well as tightens immunity provisions and protects personal information," Michelle Richardson, legislative counsel at the Washington, D.C. office of the American Civil Liberties Union, which opposed CISPA, said in a statement. "Cybersecurity can be done without sacrificing Americans' privacy online."
The Electronic Frontier Foundation, another opponent, sounded a similar note. "We're committed to taking this fight to the Senate and fighting to ensure no law which would be so detrimental to online privacy is passed on our watch," the group told supporters in a statement following the House vote.
Senate staff on Friday declined to speculate about the timing for action, which Rockefeller in January called a priority for this year.