A major cybersecurity bill backed by business groups could be derailed if Congress does not pass it by the end of this month, The Hill reports.
The Cybersecurity Information Sharing Act (CISA) would give companies legal liability protections when they share cyber threat data with the government. Supporters, including the U.S. Chamber of Commerce and the Financial Services Roundtable, say it will strengthen the nation’s cyber defenses against the type of attacks that have hit several major U.S. firms over the past year.
According to The Hill, lawmakers are hoping to get the bill passed before Congress considers reauthorization of the National Security Agency’s surveillance programs.
“From a strategic perspective, it is absolutely better to have [cyber legislation] move prior to that discussion,” said Norma Krayem, a lobbyist with Squire Patton Boggs who co-chairs the firm’s cyber security industry group, according to The Hill.
The NSA programs must be reauthorized by June 1. “If we don’t do [cyber] by the end of April, then we’ll have to do it by the end of July,” after surveillance reform, Alex Manning, senior government relations director with the law firm Arent Fox, told the Hill.
But privacy advocates are concerned CISA will expand government surveillance and argue that the NSA must be reformed before Congress passes additional laws that would give the government more data.
“We continue to say that NSA surveillance reform needs to be the priority,” Gabe Rottman, legislative counsel with the American Civil Liberties Union, told The Hill.
Opponents say the cyber measure is too lax about sharing data within the government, expands government authority to use that data, and is not aggressive enough in requiring companies to remove personal data before sharing it with the government.
CISA passed out of the Senate Intelligence Committee last month by a 14-1 vote, but Sen. Ron Wyden (D-Ore.), who voted against it, called it a “surveillance bill” in all but name.
During December’s lame-duck congressional session, lawmakers failed in an effort to move concurrently a cyber bill and the USA Freedom Act, which would have reined in the NSA’s bulk collection of phone metadata.