Just one week after the government revealed a staggering breach of federal computer networks, Republicans and Democrats in the Senate are on a collision course over cybersecurity legislation that would bolster information-sharing between private firms and the government.
Majority Leader Mitch McConnell, R-Ky., is pushing the measure as an amendment to a defense authorization bill currently pending on the floor -- a move that limits the ability of Senate colleagues to tweak the cyber proposal, which overwhelmingly passed the Senate Intelligence Committee earlier this year.
The Cybersecurity Information Sharing Act offers incentives -- such as liability protection -- for private companies that voluntarily share hacking threats with the federal government.
While spending levels in the underlying defense policy bill have partisan lines drawn, cybersecurity is an area that traditionally sees a good deal of bipartisan cooperation, and Senate GOP leadership is counting on the recent hack of Office of Personnel Management (OPM) computers to bring Democrats to the table despite their privacy concerns.
“The massive cyberattack Americans just read about reminds us all of the need for action on this issue," McConnell said on the floor Wednesday. "The bipartisan cybersecurity measure that passed out of the Intelligence Committee with the support of every single Republican and every single Democrat but one, 14 to 1, will increase the ability of the public and private sector to share information and make us safer."
Senate Intelligence Committee Chairman Richard Burr, R-N.C., and other supporters have touted CISA as a bipartisan solution that would better equip the U.S. in the fight against massive data breaches, such as the ones suffered by major retailers like Target and Home Depot in recent years.
But even the bipartisan Senate bill sparked concerns among privacy-minded senators, including Sen. Ron Wyden -- the sole "no" vote in committee – and Democrats plan to try and block the amendment.
"If information-sharing legislation does not include adequate privacy protections, then that's not a cybersecurity bill -- it's a surveillance bill by another name," the Oregon Democrat said in March. "Strong cybersecurity legislation should make clear that government agencies cannot order U.S. hardware and software companies to build weaker products, as senior FBI officials have proposed."
Wyden and other critics were hoping to amend the CISA bill – something that’s less likely if it isn’t being considered as standalone legislation. Indeed, even Democratic backers of the bill object over McConnell’s procedural tactics, which come more than a week after the Senate failed to reauthorize the Patriot Act amid fallout over privacy issues.
“Like the American people, Senate Democrats believe that we must balance our national security interests with preserving and protecting Americans’ civil liberties,” Senate Democratic Leader Harry Reid and three of his lieutenants wrote in a letter to McConnell this week urging the Republican to bring the cyber bill to the floor as a standalone piece of legislation. “This is a pure political ploy that does nothing to advance America’s national security.”
Beyond avoiding a thorny amendment debate, tying the cyber issue to the defense policy bill could give McConnell more leverage in the wake of President Obama’s threat to veto the underlying legislation over separate budgeting objections. That’s especially true in the wake of the OPM hack, which has U.S. officials pointing the finger at China.
While it isn’t clear the CISA bill would have prevented that breach, which reportedly affected as many as 4 million current and former government employees, lawmakers have demanded a swift and forceful response.
“If true, this breach joins an already lengthy and well-documented record of Chinese intellectual property theft and cyber-espionage against the U.S. government and American companies,” said Sen. John McCain, R-Ariz., who as chairman of the armed services panel is managing the floor debate over the defense authorization bill. “We cannot sit idly by, accepting a situation in which persistent cyber-attacks and data insecurity are the new norm. … It is long past time for Congress to finally pass legislation that allows for the sharing of information on cyber threats.”
The House passed a similar cybersecurity bill in April. Unless senators agree to expedite the process, the first procedural test in the upper chamber will be a cloture vote on the CISA bill Friday.
Capitol Attitude is a weekly column written by members of the Fox News Capitol Hill team. Their articles take you inside the halls of Congress, and cover the spectrum of policy issues being introduced, debated and voted on there.