In April the House of Representatives managed to push the Cyber Intelligence Sharing and Protection Act (CISPA) through the chamber, but shortly thereafter it stalled in the Senate. Leaders there said they weren't planning on taking the issue up, instead planning to focus on a number of separate bills to address issues related to cybersecurity concerns by the government and corporations.
A lengthy Reuters report, which was reprinted on Stuff, indicates that those rights groups who think the fight is over are sadly mistaken. The Senate is working on some sort of cybersecurity legislation and they are already talking to House members about how to compromise to get the job done. In some ways this could be a good thing if those compromises include stripping some of the provisions that threaten the personal security and privacy of every internet user in the United States, limiting the scope of who gets to see private information, and removing the blanket immunity from litigation that was given to corporations via CISPA. Sadly the chances of that happening are unknown, and the members of the Senate that are crafting cybersecurity legislation are not offering any indicators on what a bill coming out of that chamber might look like.
The Reuters report points out that, while CISPA will not be voted on in the Senate, cybersecurity legislation is being worked on there and the Obama Administration thinks the possibility of a bill that can be signed will happen later this year.
"I actually think that the outlook is significantly better than it was last year," the White House cybersecurity policy coordinator, Michael Daniel, told the Reuters Cybersecurity Summit in Washington this week. "What has impressed me has been the willingness of everybody involved to actually continue having those discussions and to continue that extensive level of dialogue trying to find some solutions."
He predicts that final cyber legislation might be seen by the fall.
"A lot of us are concerned about getting a good piece of cybersecurity legislation before something really bad happens. As a general rule, legislation that is produced immediately after a crisis is not as good as the stuff that can be done when it's more thought-out," he said.
There is movement in the Senate, but not on CISPA; on Wednesday, Senate Intelligence Committee Chairman Dianne Feinstein (D-CA.) said that the panel she chairs was drafting a version of an information-sharing bill. Congressional aides tell Reuters that lawmakers and staff have been regularly meeting on the issue, with one aide claiming that lawmakers were engaged in a "collaborative process to agree on multiple key elements to make the overall law stronger."
Representative Mike Rogers, chairman of the House intelligence committee and CISPA co-author, said key senators were "completely all in" on the need to pass a cybersecurity law and that the House and Senate could work out an agreement on at least an information-sharing bill. He added that a meeting to discuss cybersecurity issues was scheduled for this week – with more to follow between the House and the Senate.
Top administration officials like Homeland Security Secretary Janet Napolitano see the possibility of cybersecurity legislation happening because lawmakers have more information this time around. She told the Summit that there is a lot of working going on behind the scenes and that there are fewer concerns this time around. Of course rights groups would strongly disagree with that assertion.
Some, like Homeland Security Committee Chairman Tom Carper, think that cybersecurity legislation being put together does not go far enough. He would like to see more provision to protect critical infrastructure, secure federal agency networks, cyber workforce development and notification of data breaches.
While Homeland Security and some lawmakers are looking for legislative solutions, some private security firms think the answer lies with the private sector. Shane Shook, chief knowledge officer at Cylance Inc, thinks the private sector should organize information sharing itself.
Ira Winkler, president of the Information Systems Security Association, said he doubted any meaningful legislation would pass this year, barring a major cyber attack.
Ultimately lawmakers want to pass cybersecurity legislation, but the challenge that remains in the Senate is to craft legislation that takes into account the concerns of rights groups and Internet users and to get the House to agree to the changes…