Cybersecurity Bill May Still Pass This Year, Key Lawmakers Say

WASHINGTON — Although time is running out for the Senate to take up pending cybersecurity legislation before the end of the year, key lawmakers said they are still hopeful it could be enacted soon in the wake of several prominent breaches.

Sen. Saxby Chambliss, R-Ga., the lead Republican on the Senate Intelligence Committee, said he's "cautiously optimistic" the chamber can take up his information-sharing bill with Chairman Diane Feinstein, D-Calif., in the lame-duck session and then work with House members to reconcile competing legislation.

"They have passed a bill out of the House. If we can get our bill out of the Senate, we're prepared to conference it immediately and get it to the President's desk," Chambliss said at a cybersecurity event on protecting the payments system hosted by the Merchant Financial Cyber Partnership and Bloomberg Government.

Advocates say the Feinstein-Chambliss bill would encourage greater sharing of information between the federal government and the private sector, in part by better protecting participants from lawsuits, though critics continue to warn the legislation does not go far enough to protect individuals' personal information. The bill passed the Senate Intelligence panel by a vote of 12-3 in July.

The House, meanwhile, approved its own information-sharing bill last year, the more controversial Cyber Intelligence Sharing and Protection Act, which some warn contains fewer privacy protections for consumers.

Chambliss, who is set to retire at the end of the year, said that he's deferring to Feinstein to work with Senate Majority Leader Harry Reid on a vote, warning that they face an uphill battle given the number of competing priorities facing Congress after the elections.

"Unfortunately, with everything I've heard that's got to come up during the lame duck, that 30-day period is going to have to be about seven or eight months," Chambliss said.

The legislative push comes after a fresh round of breaches have come to light in recent weeks, including cyberattacks at JPMorgan Chase and Home Depot. Meanwhile, Apple is facing its own troubles this month, after hackers obtained compromising photos celebrities apparently had stored on its systems.

The Apple breach in particular could help the issue hit closer to home for consumers, said Rep. Mike Rogers, R-Mich., chairman of the House intelligence panel and author of CISPA.

"This woke up a whole new generation of Americans who said, 'hey wait a minute, someone hacked into these people's accounts,'" he said.

Rogers also noted that one of the difficulties of engaging the public is that the costs of data breaches are often not transparent to consumers who don't pay for theft or card replacements in the wake of a breach.

Those pushing for greater cybersecurity protections need to emphasize that "your credit cards will cost you more, and the products you buy will cost you more, because of these criminal enterprises," he said.

Rogers, who is also retiring at the end of the year, warned that if information-sharing legislation doesn't make it into law this year, the process could be slowed for months, if not years.

"This is my fear — Dec. 31 rolls along, Congress is out, all of this starts over. The clock completely starts over," he said. "I'm as nervous about this as I am about a lot of things, including nuclear counter-proliferation. But if we don't do this, you're buying yourself another 18 to 24 months of problems."

Michael Daniel, special assistant to the president and cybersecurity coordinator for the White House, added that the Obama administration remains encouraged by the efforts in Congress.

"We are very supportive and have tried to work very carefully and closely with several of the committees … to get cybersecurity legislation across the finish line that the President can support," he said.

He added that additional "legislative priorities" for the White House include a national data breach notification requirement and updates to laws around the government's own cybersecurity practices.

For reprint and licensing requests for this article, click here.
Law and regulation
MORE FROM AMERICAN BANKER