Homeland Security Committees Seen Increasing Influence on Cyber Information Sharing Legislation
The Senate Homeland Security Committee’s Wednesday hearing on cybersecurity information sharing is the clearest sign yet that the committee and its House counterpart are seeking a significant role in writing information sharing legislation, but it remains unclear whether they or the Intelligence committees will take the lead role, industry executives and lobbyists told us. Senate Homeland Security members said Wednesday that they will write their info sharing bill based on the White House proposal released earlier this month, along with two controversial bills from last Congress -- the Cyber Intelligence Sharing and Protection Act (CISPA) and its Senate counterpart, the Cybersecurity Information Sharing Act (CISA) (see 1501280060).
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Both sets of committees are expected to work on information sharing legislation, with Senate Homeland Security ranking member Tom Carper, D-Del., saying in a statement that he wants to collaborate with the Senate Intelligence Committee and the White House as the committee its bill. The offices of Senate Homeland Security Chairman Ron Johnson, R-Wis., and Intelligence Chairman Richard Burr, R-N.C., didn’t comment. House Homeland Security Committee Chairman Michael McCaul, R-Pa., said in a statement that he plans to write information sharing legislation. A spokesman for House Intelligence Committee Chairman Devin Nunes, R-Calif., declined to comment on the committee’s current legislative strategy. Former House Intelligence ranking member Dutch Ruppersberger, D-Md., reintroduced CISPA (HR-234) earlier this month (see 1501090035), which Nunes said he welcomed while cautioning that he wanted to see a variety of legislative proposals.
The Intelligence committees are in the short term likely to focus on reauthorizing major portions of the USA Patriot Act that are set to expire June 1, giving the Homeland Security committees a chance to “make a big push to expand their role on cybersecurity,” said Arent Fox Senior Government Relations Director Alex Manning, former staff director for House Homeland Security’s Cybersecurity Subcommittee. The retirement of former House Intelligence Chairman Mike Rogers, R-Mich., “took a lot of wind out of the sails” for CISPA, which Rogers co-sponsored, Manning said.
Burr and Nunes have said cybersecurity remains a priority for their committees, with Nunes saying Wednesday that House Intelligence would be creating a separate Cybersecurity and NSA Subcommittee. Rep. Lynn Westmoreland, R-Ga., will chair the subcommittee, with Rep. Jim Himes, D-Conn., as ranking member, House Intelligence said. The Intelligence committees will certainly “want to be involved in the conversation, but I don’t see them taking the lead on information sharing this time,” an industry lobbyist said.
The Homeland Security committees wouldn’t extend their jurisdiction by expanding their role to include information sharing since their bills are likely to place responsibility for domestic information sharing at the Department of Homeland Security, but it would represent a shift toward giving DHS more cybersecurity responsibility, Manning said. The Homeland Security committees have focused on domestic cybersecurity functions conducted through DHS, with the two committees shepherding four DHS-centric cyber bills that Congress passed in mid-December (see 1412100052).
Any willingness to expand DHS’ cyber role would signal that Congress believes DHS “has come a long way,” Manning said. “I made a career out of bashing DHS and their ability to do things, but in recent years you’ve seen significant improvements” in its cybersecurity work, he said. Those improvements have been particularly noticeable at the DHS-directed U.S. Computer Emergency Readiness Team, while the National Cybersecurity and Communications Integration Center “has really impressed people,” Manning said.
There’s “good reason for the Homeland Security committees to be considering information from a domestic perspective,” but the Intelligence committees should still have a significant role in a final bill to deal with the foreign intelligence and military perspective of the issue, said Internet Security Alliance President Larry Clinton. “The Intelligence committees have really taken the lead on this and I wouldn’t want to see that back work history go unappreciated in the process.” Jurisdiction over cybersecurity is divided up among many congressional committees, but those committees “need to ensure that all relevant interests are properly addressed,” Clinton said. “They can’t focus on jurisdictional issues in a way that slows down a bill like this.”
A shift toward DHS-centric information sharing also inevitably stems from increased wariness about U.S. intelligence agencies following the disclosures about controversial NSA programs that began in June 2013, Manning said. “People have come to the conclusion that” following the leaks from former NSA contractor Edward Snowden, “the only logical place to be doing information sharing is at DHS,” he said. Most industry observers have cited the Snowden leaks as the main factor in halting passage of CISA. The House passed CISPA in April 2013, prior to the beginning of Snowden’s leaks.
It’s unclear whether a shift to a DHS-centric information sharing approach is “a positive or negative development,” but privacy advocates have long argued that any government role in domestic cyber information sharing needs to be done through a civilian agency, said Gabe Rottman, legislative counsel for the American Civil Liberties Union's Washington Legislative Office. Only a civilian agency is likely to provide sufficient transparency in government information sharing, “so to that extent it’s good thing that the Homeland Security committees are claiming their jurisdiction on this,” Rottman said. “I wouldn’t be surprised if [Senate Intelligence ranking member Dianne Feinstein, D-Calif.] reintroduced another version of CISA,” he said. The ACLU remains opposed to CISPA in its latest iteration, Rottman said.