Lawmakers open to Obama’s cyber proposal

Lawmakers leading the charge on cybersecurity mostly praised the president’s newest proposal Tuesday to enhance cyber threat information sharing between the government and private sector. 

“While it took an attack on Hollywood for the president to reengage Congress on cybersecurity, I welcome him to the conversation,” said Michael McCaul (R-Texas), House Homeland Security Committee chairman, who has previously pushed a bill that closely resembled the White House’s proposal.

{mosads}Congress has spent years going in circles on cyber info sharing measures, with a lack of public awareness and privacy concerns stalling various efforts.

That’s changed with the hacking of Sony Pictures and publicity surrounding the film “The Interview,” which has raised new awareness about cybersecurity threats while increasing the chances of movement on legislation.

The White House’s suggested bill would give companies legal liability protection to share limited types of cyber threat data with the Department of Homeland Security (DHS).

It’s part of a larger legislative package the administration rolled out this week that aims to create federal standards for data breach notifications, enhance student data privacy and toughen penalties on common cyber crimes.

But it’s the administration’s information-sharing offering that could most dramatically affect lawmakers’ efforts on the issue. 

Congress has floated two main types of information sharing legislation in recent years. One enables an exchange between the private sector and DHS. The other facilitates a private sector exchange with the National Security Administration (NSA).

An NSA-focused bill, the Cybersecurity Information Sharing Act (CISPA), came close to passage last year, clearing the House before stalling in the Senate over privacy concerns.

Rep. Dutch Ruppersberger (D-Md.), the former House Intelligence Committee ranking member, reintroduced the bill on Friday. On Tuesday, Ruppersberger said Obama’s measure “looks a lot like” CISPA.

“I agree with much of the president’s proposal, but there are several outstanding issues that must be addressed,” he said. “It is now up to Congress to work though the differences between these proposals, which share a common end-goal.”

Sen. Dianne Feinstein (D-Calif.), the former Senate Intelligence Committee chairwoman, who backed a Senate version of CISPA — known as the Cybersecurity Information Sharing Act (CISA) — said she would work to resolve the two proposals as well.

“I’m hopeful that [Senate Intelligence Committee] Chairman Burr and I can see how last year’s bill compares with the president’s proposal and get a new bill introduced as soon as possible,” she said. 

Having the administration’s weight behind a DHS-centric bill might give some life to McCaul’s original vision.

Last Congress, McCaul was behind a number of small-bore cyber bills that codified DHS’s cybersecurity role. It also put in writing the roles of the DHS’s cyber information sharing center, the National Cybersecurity and Communications Integration Center (NCCIC).

A White House official cited that bill and the “clear concept of the DHS portal” as a major reason they were able to put forth their offering.

McCaul is a proponent of having the NCCIC be the middle man for all cyber threat info sharing that occurs within the government and between the government and private sector. He said Tuesday his committee working on legislation to make that a reality.

 “As a civilian interface, with robust privacy protections, the NCCIC is set up to protect Americans’ privacy and civil liberties while providing a safe harbor for private entities to share cyber threat information,” McCaul said.