Export Compliance Daily is a Warren News publication.
CISA Most Difficult

Cyber Bills' Chances in Lame Duck Unaffected by GOP Wave, Say Industry Lobbyists

The information and communications technology (ICT) sector doesn’t view the Republican takeover of the Senate and enlarged majority in the House as a result of Tuesday’s election (see 1411050043) as likely to change the overall chances of cybersecurity legislation passing during the upcoming lame-duck session, industry lawyers and lobbyists told us. Several major cybersecurity bills are awaiting full Senate action, but it remains unclear how Senate leadership will rank those bills among their priorities during the lame duck, lawyers and lobbyists said. Congress is set to reconvene Wednesday but the lame duck isn't expected substantially begin until December due to new member orientations, leadership elections and the Thanksgiving holiday.

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

Senate Majority Leader Harry Reid, D-Nev., and other Senate leaders haven’t revealed their priorities for the lame-duck session, but addressing the federal budget and homeland security issues are likely to get precedence, said Jessica Herrera-Flanigan, a lobbyist at the Monument Policy Group whose Q3 clients included LinkedIn and Microsoft. Cyber bills “are important bills, but they’re not an overwhelming Democratic priority” and are likely to remain something where bipartisan cooperation will be possible, she said.

There’s “an opportunity” for the Senate to move on the Department of Homeland Security-centric National Cybersecurity and Communications Integration Center Act (S-2519) and the Federal Information Security Modernization Act (S-2521), which the Senate Homeland Security Committee passed in June (see 1406270036), Herrera-Flanigan said. The House already passed a bill similar to S-2519 -- the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696) (see 1407300030). Those bills stand a better chance if Senate Homeland Security Chairman Tom Carper, D-Del., chooses to attach them as amendments to a major bill, she said.

One candidate bill would be the FY 2015 National Defense Authorization Act (S-2410), though Carper could choose another omnibus bill, Herrera-Flanigan said. Language from the DHS Cybersecurity Workforce Recruitment and Retention Act (S-2354), another DHS-centric cyber bill, made it into the Border Patrol Agent Pay Reform Act (S-1691) when the Senate passed that bill in September. Carper remains “hopeful his cyber security legislation will pass before the end of the year” and will “pursue cybersecurity as a top priority in the 114th Congress,” an aide said.

There’s an appetite in the Senate to move on S-2519 and S-2521, but “the problem there is it’s really dependent on whether or not Congress comes back and decides it’s going to do more than” the most necessary legislation, Herrera-Flanigan said. “If that’s the path they take, then those bills’ chances of passing really depend on whether they can be attached to one of the must-do vehicles -- and that’s just an unknown factor until they come back and decide their path forward.” Bob Dix, Juniper Networks vice president-government affairs and critical infrastructure protection, said he’d “like to be optimistic” that bipartisan support for S-2519 and S-2521 will help move them through the Senate this session, but “I’m not sure how many other issues the leadership is going to be willing to consider” after they address the budget.

Senate consideration of the Cybersecurity Information Sharing Act (CISA) (S-2588) remains highly dependent on Congress' passing the USA Freedom Act, Herrera-Flanigan said. The Senate hasn’t moved on its version of the USA Freedom Act (S-2685), which substantially differs from the House-passed version (HR-3361). Senate leaders may also feel it’s not feasible for them to pass CISA during the lame duck because “there’s still some disagreement between the House and Senate” on privacy protections related to information sharing, said former FCC Public Safety Bureau Chief Jamie Barnett, a telecom and cybersecurity lawyer at Venable. CISA and the House-passed Cyber Intelligence Sharing and Protection Act (CISPA) (HR-624) are substantially the same, but CISA’s supporters say their bill contains enhanced privacy provisions. The American Civil Liberties Union and Electronic Frontier Foundation have said CISA’s privacy provisions are insufficient.

Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., and Vice Chairman Saxby Chambliss, R-Ga., have expressed confidence in recent weeks that the Senate will pass CISA during the lame duck, which Internet Security Alliance President Larry Clinton said he's “a little skeptical” about, given ongoing privacy concerns. “I would be surprised if it passed, but it would be a happy surprise,” he said. “I don’t see how the privacy lobby’s views would be dramatically changed by the election.” A Feinstein aide said he had no new information on whether Reid would allow a Senate vote on CISA this session.

Dix said he believes there’s still a possibility for the Senate to move on CISA before year-end but that if it doesn’t make it to the floor, the 114th Congress should address it “early in the next session.” Reid has appeared reluctant to move on CISA, so “hopefully that will change in the new makeup of the Senate with more of an appetite to move forward on this,” Dix said. Danielle Coffey, Telecommunications Industry Association vice president-government affairs, said she believes there “might be potential for momentum” on cyber information sharing legislation in the 114th Congress but that privacy issues will likely remain a concern. Retiring House Intelligence Committee Chairman Mike Rogers, R-Mich., won’t be available to back a new version of CISPA in the 114th Congress, but committee ranking member Dutch Ruppersberger, D-Md., “will continue to beat the drum,” Coffey said.