Streamlining CISA: Senate May Limit Amendments to Cyber Bill

The 22 amend­ments to the Cy­ber­se­cur­ity In­form­a­tion-Shar­ing Act that sen­at­ors agreed upon be­fore re­cess may not all get a vote, Sen. Di­anne Fein­stein, one of the bill’s co-spon­sors, said Wed­nes­day.

The next few months of the Sen­ate’s time will largely be taken up by de­bate over ap­pro­pri­ations and Pres­id­ent Obama’s nuc­le­ar deal with Ir­an, leav­ing little time for the cy­ber­se­cur­ity bill and the bevy of pro­posed amend­ments that will go along with it.

To make room for de­bate on the in­form­a­tion-shar­ing bill, some of the amend­ments may not get a vote, Fein­stein toldNa­tion­al Journ­al.

“I don’t know if there will be 22 amend­ments,” the Cali­for­nia Demo­crat said. “Everything changes week to week. I’m more con­cerned with get­ting the bill up, try­ing to get it passed, get­ting it con­fer­enced, and then get­ting the con­fer­ence re­port ap­proved.”

“A short­er de­bate means few­er amend­ments, be­cause you have to com­plete the de­bate,” Fein­stein ad­ded. She said she did not know which amend­ments may not get voted on.

The bill Fein­stein co-sponsored with Sen. Richard Burr, a Re­pub­lic­an, is meant to im­prove cy­ber­se­cur­ity in gov­ern­ment and in the private sec­tor by cre­at­ing in­cent­ives for busi­nesses to share in­form­a­tion about cy­ber­threats with each oth­er and with fed­er­al agen­cies.

The agree­ment sen­at­ors reached be­fore leav­ing in Au­gust was to make pending a group of 22 amend­ments: 10 from Re­pub­lic­ans, 11 from Demo­crats, and a man­ager’s amend­ment from the bill’s spon­sors. The amend­ments ad­dress a wide range of is­sues, in­clud­ing pri­vacy pro­tec­tions for in­di­vidu­als, li­ab­il­ity pro­tec­tions for com­pan­ies, and the struc­ture of the shar­ing pro­gram it­self.

“It’s not known yet if all will be voted on,” said Don Stew­art, a spokes­man for Sen­ate Ma­jor­ity Lead­er Mitch Mc­Con­nell.

Still, be­cause sen­at­ors agreed in Au­gust to make the amend­ments pending, a move to dis­pose of one or more would re­quire a vote—or the amend­ment could be with­drawn by its spon­sor.

Some sen­at­ors who fought hard to put for­ward changes to the bill may try to block at­tempts to cut down on the amend­ments that get con­sidered.

“I’m cer­tainly not go­ing to cas­u­ally give un­an­im­ous con­sent to chop off amend­ments,” said Sen. Ron Wyden, who has re­peatedly cri­ti­cized CISA for what he says are lackluster pri­vacy pro­tec­tions. Wyden is the spon­sor of mul­tiple amend­ments in the pack­age that was ne­go­ti­ated be­fore re­cess.

“What I agreed on with re­spect to this is­sue is that there would be 22 amend­ments—and no time lim­its, by the way,” Wyden said.

The in­form­a­tion-shar­ing bill and its amend­ments have pit­ted pri­vacy ad­voc­ates and se­cur­ity ex­perts against busi­nesses. Pri­vacy ad­voc­ates say the bill could res­ult in com­pan­ies im­prop­erly shar­ing in­di­vidu­als’ sens­it­ive per­son­al in­form­a­tion with the gov­ern­ment—in­clud­ing law-en­force­ment and sur­veil­lance agen­cies—and they are lob­by­ing for the Sen­ate to drop CISA. Tech ex­perts say there are more ef­fect­ive ways to im­prove cy­ber­se­cur­ity than in­form­a­tion-shar­ing.

But the busi­ness com­munity has come out in sup­port of the bill, cit­ing the need for more pro­tec­tions against cy­ber­at­tacks. Com­pan­ies stand to gain from the li­ab­il­ity pro­tec­tions in the bill, which are de­signed to in­centiv­ize shar­ing.

Since sen­at­ors are cur­rently mired in de­bate over the Ir­an deal, it’s not clear when the bill and its amend­ments—whatever the num­ber—would come up for con­sid­er­a­tion. Mul­tiple law­makers said Wed­nes­day they hope it gets a vote, but the Sen­ate’s sched­ule re­mains murky.

CISA will come up “even­tu­ally,” said Stew­art, Mc­Con­nell’s spokes­man. “Could be Septem­ber, could be Oc­to­ber, could be Novem­ber. We don’t know yet.”