On September 10, 2014, amid recent high-profile breaches, Senate Intelligence Committee Vice Chairman Saxby Chambliss and House Intelligence Committee Chairman Mike Rogers renewed their calls for Congress to pass cyberinformation sharing legislation before the end of this Congress. At a payment security event hosted by Bloomberg Government and the Merchant-Financial Cyber Partnership, Chambliss and Rogers—both of whom are retiring from Congress this year—warned that the window is closing to get a bill signed into law this year. White House Cybersecurity Coordinator Michael Daniel, who also attended the event, echoed the same sentiment.
Outlook on Cybersecurity Legislation This Year
Chambliss stated that he sees "no chance the bill will come up until the lame duck," and even then, it will be a challenge given all the other bills that must be considered. He noted, however, the ball is in the Senate's court: "If you've ever dealt with [Intelligence Committee Chairman] Dianne Feinstein, Dianne is pretty forceful in her conference, and I'm leaving Senator Reid to her."
Rogers struck a similar tone and warned against complacency: "We're in a cyberwar, and we're losing. We don't have a sense of urgency on this the way we need to have a sense of urgency on this. We're in a cyberwar today. The Russians know it. The Chinese know it. The Iranians know it. The North Koreans know it. The cybercriminals know it. We just don't know it."
Status of Cybersecurity Bills
Both the Senate Intelligence Committee and the House have passed bipartisan information sharing bills aimed at providing private sector companies, who are often on the front lines of cyberattacks, with liability protection for sharing cyberthreat information with each other and with the government. While the bills have some similarities, they approach how information may be shared with the government and the type of liability protection offered for authorized activities differently. The White House has threatened to veto the House bill, citing—in part—concerns about privacy and the scope of liability protections. The information sharing bills join other, less controversial cyber-related bills that have passed the House or been reported by the Senate Commerce Committee or the Senate Homeland Security and Government Affairs Committees—but have yet to be taken up in the full Senate.
Companies across all sectors that use or rely on data could be impacted by cyber incidents. These companies have a stake in this legislation and should monitor its progress to ensure there are strong incentives and solid legal protections for sharing cyberthreat information.