(L to R) Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., speak during the Aspen Cyber Summit Nov. 18. David DiMolfetta/Staff
By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW
|
The Cybersecurity Information Sharing Act of 2015 got a temporary reprieve after the government reopened this month, but it risks lapsing again at the end of January.
A bill that would extend bedrock cybersecurity information-sharing authorities for another 10 years could see passage through one of the broader spending bills meant to fully fund the government, though the specific package it could be included in is unclear, senators said Tuesday.
The Cybersecurity Information Sharing Act of 2015 lapsed when the government shut down in late September. Congress temporarily revived it in the short-term funding bill that reopened the government through Jan. 30, restoring the authority only for the length of that stopgap extension.
During the shutdown, Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., introduced a bill that would have kept the law active for another 10 years.
The senators told an audience at the Aspen Cyber Summit in Washington, D.C., that they were considering ways to get the measure — dubbed the Protecting America from Cyber Threats Act — included in a larger package.
Some of their options include a broader appropriations bill that will be needed to fund the government after January.
It “probably won’t be a standalone bill,” Peters said on stage. “We’re looking at every avenue that we can to get that in.”
“It’s a matter of: can you package it with other bills that are standing out there ready to go, that would be of similar nature — so you can put it all together into one package and spend two weeks on it?” Rounds told reporters on the sidelines of the conference. Two weeks was the estimated timeframe Rounds gave for a typical bill to make its way through the Senate.
He’s confident in a “supermajority” of support for the bill’s passage, despite ongoing misgivings from Sen. Rand Paul, R-Ky., the chairman of the Senate Homeland Security Committee, where Peters sits as ranking member.
“I have no doubt we’d have well over 60 [votes], well over 70, well over 80, probably well over 90 to do,” he said.
Paul’s misgivings are a product of his longstanding suspicion of the Cybersecurity and Infrastructure Security Agency and its purported infringement on Americans’ free speech when it collaborated with social media companies to call out mis- and disinformation.
Renaming the CISA 2015 extension to the Protecting America from Cyber Threats Act was designed, in part, to not conflate the cyberdefense agency housed within the Department of Homeland Security with the name of the info-sharing authority, Peters previously said.
Paul has previously proposed a different version of the bill that extends the law by just two years and jettisons a key legal clause that incentivizes companies to share threat information with the federal government.
The original 2015 law lets private-sector providers transmit cyber threat intelligence with government partners with key legal protections in place that shield such companies from lawsuits and regulatory penalties when circulating threat data to partners like the FBI or NSA.
“We visited with [Paul],” Rounds said. “You don’t put pressure on a member. What you have to do is to find a way to get it to the floor, to where you can overcome it with a 60-vote margin cloture vote. But that takes time,” he said.
“And that’s where a single member of the Senate has the ability to demand a cloture vote, but that means literally weeks in the process, and that’s what Senator Paul has chosen as the route forward — is to hold it until we include what he wants. Unfortunately, what he wants probably would kill the bill,” Rounds added.