House Homeland Security Committee Approves National Cybersecurity Protection Advancement Act
The House Homeland Security Committee unanimously approved the National Cybersecurity Protection Advancement Act (HR-1731) Tuesday, making it the third cybersecurity information sharing bill passed out of a House or Senate committee since the beginning of the year. Leaders of the House and Senate Homeland Security and Intelligence committees have said they want a combined bill that marries elements of HR-1731, the Protecting Cyber Networks Act (HR-1560) and the Cybersecurity Information Sharing Act (S-754). HR-1560 and S-754 are companion bills that focus on information sharing between the private sector and the U.S. intelligence community, while HR-1731 focuses on establishing the Department of Homeland Security and its National Cybersecurity and Communications Integration Center (NCCIC) as the main portal for private sector-to-government cyber information sharing. An industry lobbyist told us the House intends to vote on HR-1560 by April 23, while Senate Majority Leader Mitch McConnell, R-Ky., said on the Senate floor Tuesday that S-754 is among a set of bills he wants to bring up for a full Senate vote “in the near future.”
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
House Homeland Security's endorsement of HR-1731 came after a lengthy debate over the bill's liability protections that ultimately resulted in the committee passing an amendment from Cybersecurity Subcommittee Chairman John Ratcliffe, R-Texas, that removed language that would have allowed companies to claim the protections if they were “acting in good faith.” Ratcliffe said the removal of the “good faith” language had the blessing of the House Judiciary Committee and its Chairman Bob Goodlatte, R-Va.
Both parties said the “good faith” standard was ambiguous, though House Democrats supported an amendment from subcommittee ranking member Cedric Richmond, D-La., to also remove language that would have allowed companies that failed to act on cyberthreat information to claim the protections. Richmond said the language effectively endorsed inaction on cyberthreat intelligence, while Ratcliffe and other committee Republicans said removing that aspect of the liability protection would have a “chilling effect” on companies' willingness to participate in the voluntary information sharing program.
Ratcliffe successfully pushed for an amendment that emphasized that the NCCIC program would be entirely voluntary and that NCCIC was neither a law enforcement agency nor a part of the U.S. intelligence community. “My amendment will allay the privacy concerns of many,” given continued concerns about controversial NSA surveillance programs made public beginning in 2013 by former NSA contractor Edward Snowden, Ratcliffe said. House Homeland Security Chairman Michael McCaul, R-Texas, praised the amendment as an “important clarification,” given the NSA leaks, saying HR-1731 doesn't authorize cybersecurity information shared with NCCIC to be used for law enforcement or surveillance purposes. Rep. Jim Langevin, D-R.I., separately attached an amendment that would clarify NCCIC's authority to cancel information sharing agreements with entities that repeatedly fail to remove personally identifiable information from the data it shares via the program.
The committee also defeated an amendment from committee ranking member Bennie Thompson, D-Miss., that would have caused HR-1731 to sunset after five years if Congress didn't reauthorize the bill. Thompson said a sunset provision would “help us assess what changes in the law might be necessary” given that technology and cyberthreats are likely to be substantially different in five years' time. McCaul echoed other committee Republicans when he said he opposed including a sunset provision in the bill because it could make the program look like a “pilot project,” which could be “highly damaging” to the private sector's enthusiasm for becoming involved in the DHS-centric sharing program. “It's important” for participating companies to know the program “will be around,” he said.
House Homeland Security did pass a separate amendment from Rep. Barry Loudermilk, R-Ga., that would sunset a bevy of oversight reports on aspects of HR-1731 seven years after the bill's enactment. Rep. Sheila Jackson Lee, D-Texas, and other committee Democrats objected to the amendment because the committee had rejected Thompson's amendment on a sunset for the entire bill, saying without a sunset the reports needed to continue indefinitely to aid in oversight.