Portman Eyes Compromise on House-Senate Cyber Language

His support bodes well for Senate and House counterparts coming together to pass incident reporting language lawmakers have pursued for years. The Senate unanimously passed its own cyber package last week, which included the Cyber Incident Reporting Act (CIRA) from Portman and Senate Homeland Security Committee Chairman Gary Peters, D-Mich.

The House passed the Cyber Incident Reporting for Critical Infrastructure Act with its omnibus package Wednesday. House Homeland Security Committee Chairman Bennie Thompson, D-Miss., applauded passage with ranking member John Katko, R-N.Y., House Cybersecurity Subcommittee Chair Yvette Clarke, D-N.Y., and House Cybersecurity Subcommittee ranking member Andrew Garbarino, R-N.Y.

The Senate was nearing a deal on including language in the National Defense Authorization Act in December before negotiations fell apart (see 2112130062). Portman told us he supports what passed in the House, though he would like to reach agreement with House lawmakers about the two additional cyber bills the Senate passed unanimously. “We’d like to do more, and we still think we can,” he said. “We need to work out some issues with the House on the other two bills.” CIRA is the “most important” bill for private sector critical infrastructure, “which is obviously a major concern right now,” he said.

Senate Intelligence Committee Chairman Mark Warner, D-Va., expressed optimism Congress will pass incident reporting language during a threat assessment hearing Thursday with the CIA, FBI, NSA, Defense Intelligence Agency and the Office of the Director of National Intelligence. He noted only 30% of cyber incidents are reported to the government, a number that needs to increase if the U.S. is to address threats from Russia and China, he said.

Warner cited the need to compete with China on the technology front, particularly in relation to 5G, semiconductors, social media and high-performance computing. Whoever wins the technology race will lead in economic dominance, he said. Nothing will matter more for the CIA's future than competing with adversaries on the tech front, said CIA Director William Burns. Ranking member Marco Rubio, R-Fla., also highlighted Russian cyberthreats and social media disinformation.

Sen. Ron Wyden, D-Ore., pressed Burns about the CIA’s alleged mishandling of data, using authority under executive order 12333 (see 2202110038). Wyden asked Burns to commit to requiring CIA analysts to write requests for searches on Americans so those searches can be reviewed. Burns agreed. He told Wyden the CIA will review current procedures, ensure all systems are compliant with DOJ guidelines and report back in six months. “Let’s see if we can speed it up because we’ve been waiting a long time for this one,” said Wyden.

Wyden asked if it would be wise for U.S. phone carriers to block roaming requests from Russian phone networks, citing reports that Russians are using roaming vulnerabilities to spy on Americans. Director of National Intelligence Avril Haines told Wyden she asked staff about this and is willing to explore the issue further. Officials need to fully understand the consequences of such blocking first, she said.

Intelligence officials agreed that Russia’s potential use of cryptocurrency to skirt around financial sanctions has been overestimated. Sen. Martin Heinrich, D-N.M., zeroed in on the topic during questions. Russian use of cryptocurrency is “highly overestimated,” said FBI Director Christopher Wray. What Russia would need to circumvent sanctions is access to fiat currency, which is more challenging, he said: There have been important seizures and efforts that have exposed the vulnerability of using crypto. Haines noted Russia’s currency lost about 40% of its value since President Vladimir Putin ordered the invasion of Ukraine. Putin made "profoundly false" assumptions about his currency reserves and the belief that his economy is sanction-proof, said Burns.