Leaders of the Senate Intelligence Committee appealed to the Chamber of Commerce on Tuesday for help passing legislation that they say will encourage “information sharing,” and suggested a bill could pass as early as this month.
“We have other countries and individuals simply eating our lunch,” said Sen. Dianne Feinstein, D-Calif., referencing the theft of commercial secrets from American companies. She asked the chamber to “make a full-court push, call members, talk with members,” about supporting the Cybersecurity Information Sharing Act. Proponents say the legislation will help deter hackers.
She gave the remarks during an appearance with Committee Chairman Sen. Richard Burr, R-N.C., at the chamber’s headquarters in Washington, D.C. The two have been vocal supporters of the legislation, which has languished in the Senate for much of the year. Senators recessed in August without taking a vote, leaving the legislation to be brought up again this fall.
As part of a deal to bring it up again this fall, proponents agreed to consider 21 amendments to the bill. Burr expressed optimism that process would conclude quickly. “We’re not looking at a lengthy process. We can process 21 amendments in a matter of days,” Burr said. “We’ll accept other things that we think make the bill better.”
However, Burr said, he would reject changes that altered the fundamentals of the legislation, which advocates say is voluntary. “If you turn around and make this mandatory, you drastically change what transpires,” Burr said.
“As open as we are, this has to stay in the lanes of what he have identified … were the established lanes to negotiate and write this bill,” Burr added.
The legislation’s supporters say companies may opt in to the program instituted under its provisions. In doing so, they would be able to share information about cybersecurity breaches with the government and other companies without fear of liability for exposing customer data.
However, companies that choose not to participate would be precluded from receiving information about threats. Opponents say the competitive disadvantage for non-participants makes the program effectively compulsory.
Nonetheless, Feinstein told the chamber that the cybersecurity climate is untenable. “You have countries that can get into a company and stay there for two or three years and drain it of its fiduciary information,” she said.
In light of recent major breaches, legislators have been emphasizing the losses that have taken place as a result of private companies being victimized. Last week, the credit-checking agency Experian announced that it had lost data on 15 million T-Mobile customers in a cybersecurity breach of its own.
Feinstein and Burr took advantage of the situation to issue a joint press release, saying their legislation could have prevented the incident and attacking groups that worry about privacy, saying that those groups opposed the bill “out of a knee-jerk reaction against any communication between the government and industry.”
“If these special interest groups are successful in mischaracterizing this bill, which authorizes purely voluntary sharing, they will only succeed in allowing more personal information to be compromised to criminals and foreign countries,” their statement said.
The business community, represented most notably by the Chamber of Commerce and the Financial Services Roundtable, has welcomed the prospect of additional liability protection and assistance from the government in managing their cybersecurity affairs.
