In the wake of the recent public disclosure of the massive breach into the Office of Personnel Management compromising the personal information of approximately 4 million individuals, Senators were hoping to tie a cybersecurity bill to annual defense policy legislation. On Tuesday, June 9, 2015, Senate Majority Leader Mitch McConnell (R-KY) announced that he hoped to add a cybersecurity measure to a large defense bill already under debate. However, that effort failed when the Senate fell four votes short of the 60 votes necessary to advance the amendment.
Senator Richard Burr (R-NC), the chairman of the Senate Intelligence Committee, offered the Cybersecurity Information Sharing Act (S. 754) as an amendment to the annual National Defense Authorization Act. The Cybersecurity Information Sharing Act, which was approved by the Senate Intelligence Committee back in March, would encourage companies to voluntarily share information about cyber threats. For companies that chose to share information, it would impose certain requirements related to the protection of customers’ personally identifiable information, and, in exchange for complying with those requirements, it would also offer liability protection to those companies. To centralize the flow of information, a “portal” would be created within the Department of Homeland Security to receive the cyber threat information. This bill is the most recent version of a cybersecurity act to be introduced in the Senate over the last several years, none of which has passed.
In a vote Thursday, only 56 Senators voted in favor of advancing the cybersecurity amendment. While Senate Republicans had pushed to tack the measure onto the annual defense bill, Senate Democrats balked at the attempt, asserting that the cybersecurity issue should be addressed separately from the controversial defense bill. Moreover, although the cybersecurity bill has bipartisan support, some Senate Democrats have voiced concerns that the bill would potentially compromise privacy and have criticized provisions that would authorize the government to use the information that companies share to prevent crimes that are unrelated to cybersecurity. In response to these criticisms, Senator Burr has asserted that the bill would address potential cyber threats while also “ensur[ing] the personal privacy of all Americans.”