Former Sen. Saxby Chambliss, R-Ga., has seen this movie before, but this time around he believes cybersecurity legislation actually will get a date on the Senate floor this fall — and that a new cyber information-sharing law will be in place by the end of the year.
The Cybersecurity Information Sharing Act (CISA) might not reach the floor this week — the annual Pentagon authorization bill will come up first — but Chambliss thinks the prospects look good for floor action once the Senate returns later this month from its Columbus Day recess.
Big debates over a final agreement on government spending levels, a debt-ceiling increase, highway programs and other issues are also on the docket. But the cyber info-sharing bill is close to reaching the floor — closer than ever, perhaps.
Chambliss tried in vain to get a cyber bill through the Senate last year when he was the top Republican on the Intelligence Committee. He is still involved in cyber issues as a partner at DLA Piper in Atlanta and discussed the current dynamics around cybersecurity legislation in a phone interview late last week.
“I’ve been thinking it would get to the floor since June,” Chambliss said of the CISA bill. The measure passed the Intelligence Committee back in March but was repeatedly bumped in the legislative queue by other issues, including the debate over USA Patriot Act reform.
Chambliss certainly believed CISA would reach the floor in September after Majority Leader Mitch McConnell, R-Ky., and Minority Leader Harry Reid, D-Nev., reached agreement on the amendments that would be in order for debate.
“I know Sen. [Richard] Burr is frustrated,” Chambliss said, referring to the North Carolina Republican who now chairs the Intelligence panel. “But he believes it’s truly a scheduling issue.”
Chambliss said he agrees with that assessment, and doesn’t think McConnell has delayed action on the bill for substantive reasons.
“I don’t think there’s any hesitancy on the part of Leader McConnell, and his staff doesn’t seem to be concerned about what’s in there,” Chambliss said.
Last year, he said, “was a different story.”
The Georgian said he and then-Intelligence Chairman Dianne Feinstein, D-Calif., “pleaded” with then-Majority Leader Reid to bring the 2014 version to the floor. “We said we’d be willing to debate any and all amendments. But he didn’t want to take tough votes and risk alienating his trial-lawyer allies.”
This time around, “there’s nothing blocking it,” Chambliss said, except for the schedule. Reid, in fact, last week urged McConnell to bring CISA to the floor.
“It’s one of those things, though, where you just hope like heck nothing major happens in the meantime that could’ve been prevented by the legislation,” Chambliss said.
The legislation would encourage sharing of “cyberthreat indicators” among businesses and between industry and government. Major industry groups have pegged it as their top cyber legislative priority.
“It’ll get a big vote” whenever it actually reaches the floor, Chambliss predicted. “We thought we’d get 75 votes last year.”
Chambliss dismissed pressure from online privacy groups in opposition to the bill, saying, “I never saw that as making much difference because their argument is so shallow.”
The bill walks “a fine line between security and privacy,” Chambliss said, asserting that “everybody is sensitive to the privacy issues. But the far Right and the far Left are joining hands, though for different reasons.”
But the activist community is having an impact off Capitol Hill: One industry trade association and at least one company scrambled away from even the appearance that they supported CISA after digital-rights groups targeted them and threatened a boycott campaign.
BSA/The Software Alliance and the company Salesforce issued statements saying a recent letter to Senate leaders should not be construed as signaling support for the cyber bill. In fact, they said, they actually oppose the specific bill pending in the Senate and the two cyber measures that passed the House in April.
“The letter is causing some headaches,” a tech industry source conceded.
“Senate adoption of CISA would be a big blow against privacy, even if all the pro-privacy amendments were adopted,” said Gregory Nojeim of the Center for Democracy and Technology, reflecting the privacy community’s stance against the bill. “At the end of the day, if this bill becomes law, more personal information will flow unnecessarily to [the National Security Agency] and other agencies, and it will be used for other than cyber, including law enforcement.”
Interestingly enough, one person who is seen as bridging differences on cyber issues between industry and privacy advocates left his post at the White House last week.
Ari Schwartz, who coordinated cybersecurity issues for the National Security Council, resigned after two years on the job.
Schwartz served at the Commerce Department and National Institute of Standards and Technology before joining the White House staff, and before that was vice president and chief operating officer at the Center for Democracy and Technology.
Schwartz was part of the team that organized “listening sessions” with stakeholders from industry, activist groups and others in the build-up to a landmark 2013 executive order on cybersecurity that has largely defined the Obama administration’s subsequent cybersecurity strategy.
Privacy groups saw Schwartz as a sympathetic ear, while industry felt he was an honest broker. “Ari was a real hero” in the cyber framework development process, one industry source said recently.
But while the Obama administration moved closer to embracing cyber info-sharing legislation over the past year, Schwartz was unable to bring along his former colleagues at CDT and elsewhere in the activist community.
“A successor is in process but not yet on board, so we don’t have a name to share,” a White House spokesman said, adding that Schwartz’s two years at the NSC was a typically tour of duty.
Meanwhile, stay tuned this week for clues on Senate plans for cyber legislation.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers. This article appears in the Oct. 5 edition of the Washington Examiner magazine.
