CISA May Take Years if Not Passed During Lame-Duck Session, Rogers Says
If the Cybersecurity Information Sharing Act (CISA) (S-2588) doesn’t pass Congress this year, it will be 18 to 24 months before another cyber info sharing bill gets this close, said House Intelligence Committee Chairman Mike Rogers, R-Mich., during a Bloomberg Government event Wednesday. Senators and administration officials reiterated their support for some type of info sharing bill at the event and in a Senate hearing Wednesday, but the House-passed and Senate Intelligence Committee-cleared CISA measure has slim chances of passing in 2014, lawmakers said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The negative prognosis is not a surprise, given signaling from observers over the summer that the bill’s only chance would be during the already jam-packed, lame-duck session (CD July 30 p9). “At this point in time going into the election, I see no chance that the bill will come up until lame duck,” said Senate Intelligence Committee Vice Chairman Saxby Chambliss, R-Ga., who worked with Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., on CISA. However, with the crowded post-Nov. 4 agenda, “that 30-day period is going to have to be seven or eight months to get it all done,” he said. “But there’s no more important legislation.”
If there is no CISA movement before Dec. 31, “the clock completely starts over,” Rogers said. It will take at least 18 months of new conversations to get a cybersecurity info sharing bill “to anywhere close to where we are today,” he said. The consequences could be dire, he said. “We better get it done in lame duck or we're going to have a major catastrophic event in the next 18 months."
The Senate Intelligence Committee approved CISA by 12-3 over some Democratic senators’ objections, privacy group’s reservations and a possible White House veto threat (CD July 9 p14). White House Cybersecurity Coordinator Michael Daniel said Wednesday that the administration does want a cyber info sharing bill, but stopped short of endorsing or opposing the existing bill. “I think everybody agrees we need legislation in this space,” he said. “If possible,” he said, the White House would like to see action in the lame duck. The Senate bill is seen as having more privacy protections than its House equivalent, an area of concern for the White House (CD June 26 p8).
Administration officials from the Department of Homeland Security (DHS) pushed for cybersecurity info sharing legislation during a Senate Homeland Security and Governmental Affairs Committee hearing Wednesday. “You have come so far and the threat is so great,” said Suzanne Spaulding, DHS undersecretary for the National Protection and Programs Directorate. Congress must finish its work on legislation “making it easier for DHS and the private sector to work together to mitigate cyber-related vulnerabilities.” Committee Chairman Tom Carper, D-Del., said, “I think we can improve the bill that came out of the Intelligence Committee.” Before the year is out, “my hope is” the Senate can pass a cyber info sharing bill, said Carper.
Congressional divides should not stop needed, consensus legislation, Spaulding said. “While deliberations continue on other elements of cybersecurity legislation, we should not wait to pass bipartisan and broadly-supported legislation,” she said. “I urge congress to pass what it can now, even as we continue to work hard on remaining provisions."
Rogers agreed. Congress can table discussions like the level of public cyber info disclosure required for companies until after a baseline bill is passed, he said. “You can probably have that discussion after you have a framework of real-time liability information sharing,” he said. “Then you can start talking about some disclosure.”