Timeline for Senate Action on House-Passed DHS-Centric Cybersecurity Bills Is Unclear
The timing of any Senate action on the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696) and three other cybersecurity bills the House passed Monday night remains unclear, said industry lawyers and lobbyists in interviews. The bills encountered virtually no opposition on the House floor, as expected (CD July 29 p9). The House passed HR-3696, the Critical Infrastructure Research and Development Advancement Act (HR-2952) and the Safe and Secure Federal Websites Act (HR-3635) on voice votes. It passed the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR-3107) 395-8. HR-3696 codifies the Department of Homeland Security’s current cybersecurity role, while HR-2952 and HR-3107 are also DHS-centric. The Senate Homeland Security Committee has passed a few bills seen similar to these bills.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The only criticism during debate over the bills came from House Homeland Security ranking member Bennie Thompson, D-Miss., and Rep. Yvette Clarke, D-N.Y. Thompson criticized “jurisdictional jockeying” for delaying full House consideration of HR-3696 “many months.” House Homeland Security was able to report the bill to the full House last week after striking a deal in which the House Oversight and Science committees waived their jurisdiction of the bill in exchange for removal of a section of the bill that would have given DHS authority over federal civilian networks. Clarke bemoaned the need for a deal, which she said was the “price the committee had to pay” to get HR-3696 to the floor.
House passage of the four bills could encourage Senate action on similar Senate Homeland Security-cleared legislation, said Danielle Coffey, Telecommunications Industry Association vice president-government affairs. Senate Homeland Security cleared the National Cybersecurity and Communications Integration Center Act (S-2519) and the Federal Information Security Modernization Act (S-2521) in June (CD June 27 p9). S-2519 deals with many of the items contained in HR-3696, Coffey said. The committee in May cleared the Department of Homeland Security Cybersecurity Workforce Recruitment and Retention Act (S-2354) (CD May 22 p8), which is similar to HR-3107, Coffey said.
Senate Homeland Security Chairman Tom Carper, D-Del., reported S-2354 to the full Senate July 14 with the inclusion of language from the Federal Cybersecurity Workforce Assessment Act (S-2372), but hasn’t yet reported S-2519. House passage of the four cybersecurity bills could “spur some interest” in the Senate, but it’s more likely that Senate leaders will push cybersecurity onto the post-midterm election lame-duck legislative session, said former FCC Public Safety Bureau Chief Jamie Barnett, a telecom and cybersecurity lawyer at Venable. Carper told us in a statement that “while our legislative approach differs in some areas, our colleagues in the House share our commitment to developing a long-term solution to enhance our nation’s cybersecurity efforts."
Eyes on Lame Duck
The pre-election legislative window is rapidly narrowing given Congress is set to adjourn Friday for a five-week recess, so many issues will get pushed onto the lame-duck, said Jessica Herrera-Flanigan, a lobbyist at the Monument Policy Group whose clients in Q2 included LinkedIn and Microsoft. Where cybersecurity fits in terms of legislative priorities if it’s pushed to the lame-duck will depend on what the Senate is able to accomplish before the election, she said. That closing window also makes the environment increasingly unattractive for the cybersecurity issue, so it might be more productive to wait until the 114th Congress convenes to reexamine the issue, Barnett said. “There’s probably a sweet spot right after the new Congress is seated but before the presidential campaign gets too far underway when you might see something."
The controversial Cybersecurity Information Sharing Act (S-2588) is also on the Senate’s legislative schedule. Senate Intelligence Chairwoman Dianne Feinstein, D-Calif., reported the bill to the full Senate on July 10. Although Feinstein has continued to promote S-2588 in the weeks since Senate Intelligence cleared it (CD July 9 p14 ) and it has some bipartisan support, it’s less likely that Senate leaders will take further action on the bill, Barnett said. “There’s still so much concern about the broadness of some of the corporate liability protections,” he said. “Privacy advocates have concerns about it, as well.”
Privacy groups’ criticism of the bill included a joint letter earlier this month from the American Civil Liberties Union, Libertarian Party and more than two dozen other groups urging President Barack Obama to veto the bill (http://bit.ly/1oHbw0z). “I just don’t think it has the necessary escape velocity to take off,” Barnett said. “If it can’t pass the full Senate, then obviously it won’t go to conference” with the House-passed Cyber Intelligence Sharing and Protection Act (HR-624).
S-2588’s prospects are “very tricky” given the vocal opposition from Sens. Mark Udall, D-Colo., and Ron Wyden, D-Ore., Coffey said. “I can’t say whether or not [Senate Majority Leader] Harry Reid would bring this to the floor,” she said. “I don’t know that I'd give it strong odds, but we're hoping for the best.” S-2588’s fate also depends on what Congress is able to deliver in terms of NSA surveillance reform, Herrera-Flanigan said. “They have to deal with the surveillance issue before they can accurately gauge what the appetite is for CISA.”