House-backed cyber bills head to Senate

Friday - 4/27/2012, 7:12pm EDT

By DONNA CASSATA
Associated Press

WASHINGTON (AP) - The House delivered a strong bipartisan vote Thursday for the Cyber Intelligence Sharing and Protection Act (CISPA) despite a White House veto threat. The bill encourages companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.

Now, House Republicans and Democrats are expressing optimism about sending a cybersecurity bill to President Barack Obama this year despite significant disagreements with the Senate and the White House.

The CISPA vote was 248-168, with 42 Democrats joining 206 Republicans in backing the measure.

The House has also approved three other less-divisive cyber-related bills, dealing with cyber research-and-development and updated guidelines for protecting agency computer networks.

"Four bills coming out of the House with strong majorities," Rep. Mac Thornberry, R-Texas, said Friday. "I really think the burden is on the Senate to do something. They can do big bills, small bills, it really doesn't matter. Just do something."

CISPA

The House bill would allow the government to relay cyber threat information to a company to prevent attacks from Russia or China. In the private sector, corporations could alert the government and provide data that could stop an attack intended to disrupt the country's water supply or take down the banking system.

Faced with widespread privacy concerns, Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, and Ruppersberger pulled together an amendment that limits the government's use of threat information to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from death or serious bodily harm; protection of minors from child pornography; and the protection of national security.

The White House, along with a coalition of liberal and conservative groups and some lawmakers, strongly opposed the bill, complaining that Americans' privacy could be violated. They argued that companies could share an employee's personal information with the government, and the data could end up in the hands of officials from the National Security Agency or the Defense Department. They also challenged the bill's liability waiver for private companies that disclose information, complaining that it was too broad.

FISMA update

Following the CISPA vote, the House also unanimously approved an update to the Federal Information Security Management Act (FISMA), which details how federal agencies protect their networks from cyber threats.

Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.), the chairman and ranking member of the House Oversight and Government Reform Committee, respectively, introduced the legislation last month.

The Federal Information Security Amendments Act of 2012 reestablishes the Office of Management and Budget's role — as opposed to the Homeland Security Department's — in developing and overseeing agency cybersecurity guidance.

Cybersecurity Enhancement Act

Introduced by Rep. Michael McCaul (R-Texas), the Cybersecurity Enhancement Act calls for federal agencies that participate in the National High-Performance Computing Program (which is most of the larger departments and agencies) to create a strategic plan for cybersecurity research and development.

The bill, which passed the House in a 395-10 vote, also authorizes appropriations to the National Science Foundation to issue research grants and requires the President to submit a report to Congress describing the cybersecurity workforce needs of the federal government.

Second bill advances cyber R&D

Hand-in-hand with the previous legislation, the Advancing America's Networking and Information Technology Research and Development (NITRD) Act renames the National High-Performance Computing Program the Networking and Information Technology Research and Development Program with a renewed focus on cyber R&D efforts.

The bill, introduced by Rep. Ralph Hall (R-Texas), the chairman of the House Science, Space and Technology Committee, tasks the director of the White House Office of Science and Technology Policy with monitoring agencies' efforts at allocating funds for and managing their cyber R&D projects.

Focus shifts to Senate

In the Senate, several Democrats and Republicans prefer a bill by Sens. Joe Lieberman (I-Conn.), and Susan Collins (R-Maine), that would give the Homeland Security Department the primary role in overseeing domestic cybersecurity and the authority to set security standards. The House bill does not give Homeland Security that authority. The White House favors the Senate measure, too.

The House bill also would impose no new rules on businesses, a Republican imperative.

The Senate could act as early as next month on legislation, though it's uncertain what would emerge in light of internal Senate disputes. House members hope disagreements on a final bill could be settled by a House-Senate conference committee, if not earlier.