In statements released Thursday night, both President Barack Obama and DHS Secretary Jeh Johnson endorsed the Cybersecurity Information Sharing Act (CISA), which would incentivize businesses to share data about cyber threats with the government through a DHS-managed portal.
Despite criticisms from civil-liberties groups, security experts, and tech companies that its privacy mechanisms are insufficient—and that it gives companies legal immunity from lawsuits related to their sharing of data—CISA sailed through a preliminary vote on Thursday and is expected to pass on Tuesday afternoon after a day of amendment votes.
“There is an urgent and compelling need for cybersecurity legislation…”
“The Administration supports Senate passage of S. 754,” the White House said late Thursday, using CISA’s bill number, “while continuing to work with the Congress as S.754 moves through the legislative process to ensure further important changes are made to the bill, including, but not limited to, preserving the leadership of civilian agencies in domestic cybersecurity.”
The White House statement did express concern about an amendment from Sen. Tom Cotton (R-Ark.) to expand data-sharing channels beyond DHS to include the FBI and the Secret Service. Industry groups support this amendment because they already cooperate with those two agencies more than DHS, but the amendment is controversial because it would defeat the purpose of centralizing information sharing within DHS.
“The Administration will strongly oppose any amendments that would provide additional liability-protected sharing channels, including expanding any exceptions to the DHS portal,” the White House said.
Johnson, the Homeland Security secretary, did not mention Cotton’s amendment, instead saying, “As currently written, I support this bill.”
“There is an urgent and compelling need for cybersecurity legislation,” he added, “to strengthen our ability to protect the American public, American businesses large and small, and the federal civilian .gov system.”
The Homeland Security chief’s own cybersecurity practices have been in the spotlight in recent days after a hacker broke into his and CIA Director John Brennan‘s personal email accounts. DHS, like the Central Inelligence Agency, declined to discuss the breach, and there is no indication that either Johnson’s Comcast account or Brennan’s AOL account contained classified information.
Cybersecurity has been a congressional priority ever since hackers reportedly linked to China broke into the servers of the Office of Personnel Management earlier this year and stole more than 22 million federal workers’ records. The 2014 Sony Pictures Entertainment hack and the revelation that former Secretary of State Hillary Clinton conducted business on a private email server have also intensified calls for cyber legislation, although CISA’s critics and other experts regularly point out that information sharing would not have stopped these and other high-profile hacks.
Privacy groups protested CISA outside the Capitol on Thursday night, and Sen. Ron Wyden (D-Ore.), the bill’s most vocal congressional opponent, has promised to keep up the fight when votes resume next week.
Photo via Scott/Flickr (CC BY SA 2.0)