Senate Cybersecurity Path Unclear as Obama’s CISPA Veto Threat Looms

Despite the threat of a presidential veto, the House passed HR-3523, the Cyber Intelligence Sharing and Protection Act (CISPA), late Thursday by a 248-168 vote. The House rounded out its “cyberweek” by also passing the Federal Information Security Amendments Act (HR-4257), the Cybersecurity Enhancement Act (HR-2096), and the Advancing America’s Networking and Information Technology Research and Development (NITRD) Act (HR-3834). The bills aim to enhance protections and improve procedures around the Federal Information Security Management Act; increase U.S. cybersecurity research and development; and strengthen agency participation in the National High-Performance Computing Program.

A broad swath of industry groups lauded the House’s “light touch” approach to cybersecurity and urged the Senate to push ahead its own cybersecurity bills, including TechAmerica, the Telecommunications Industry Association (TIA), NCTA, USTelecom and the Business Software Alliance. “There is a reasonably good chance that [CISPA] will get to the president’s desk,” an industry source told us Friday. “I honestly believe that Lieberman and McCain and others can convene and come up with an approach where there is a bipartisan majority.”

But compromise between the executive and legislative branches over the issue of cybersecurity standards for critical infrastructure has been elusive, leading another industry official to tell us CISPA’s House passage is the “end of the road” for cybersecurity in the 112th Congress. The partisan tone of last week’s debate “doesn’t bode well for future prospects,” the official said: “We're expecting that nothing is going to happen.”

"I hope it’s not the end of the road,” TIA Vice President-Government Affairs Danielle Coffey told us. “I hope that what was agreed to by a majority of the House would be welcomed at the table of any conference,” she said: Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, I-Conn., “is focusing more on protecting critical infrastructure. Hopefully a marriage on that interest and the information sharing piece will be compatible.”

President Barack Obama’s “all or nothing” approach to cybersecurity has “ensured failure” of Congress’s attempt to secure the nation from cyberattacks, said a spokesman for Sen. Lisa Murkowski, R-Alaska, Friday. The spokesman said he didn’t think the Senate Cybersecurity Act (S-2105) would be able to net the 60 Senate votes required for passage. Lieberman is a co-sponsor of S-2105, along with Ranking Member Susan Collins, R-Maine, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif.

Lieberman threw cold water on the House bills, saying they lacked adequate protections for critical infrastructure. “We are troubled House leaders blocked consideration of protections for critical infrastructure systems, ignoring the advice of our military and intelligence leaders as well as most cybersecurity experts,” he said in a statement. “These systems are at risk -- no one contests that -- which means the American people are at risk."

But the House “wouldn’t have pushed so hard if we thought this was the end of the line,” said a spokeswoman for House Select Committee on Intelligence Ranking Member Dutch Ruppersberger, D-Md., a CISPA sponsor. “We made a lot of changes so that once we get this in the Senate we can make this a better bill. We wouldn’t have wasted political capital to get it to the end of the line.”