Information Sharing Legislation is Unlikely in September
Given a packed schedule in the Senate due to the Iran nuclear deal, the Pope’s visit, and the start of Fiscal Year (FY) 2016 on October 1, it is unlikely that the Senate will pick up where it left off in August on the Cybersecurity Information Sharing Act (CISA/S. 754) until next month. The Senate began consideration of the bill during the first week of August but was unable to finish the debate on the legislation due to time constraints caused by August recess. Before leaving for recess, Senate Majority Leader Mitch McConnell (R-KY) ruled 22 amendments in order – 10 from Republicans, 11 from Democrats, and one bipartisan manager’s amendment – to be voted on whenever the bill is reconsidered on the floor. Most stakeholders have conceded that the Senate is unlikely to consider CISA until October but some worry that even then there may not be enough time on the Senate floor to get through all of the amendments that have been ruled in order.
Executive Branch Activity
Cyber is on the Agenda for the Chinese President Xi Jinping’s Visit
Chinese President Xi Jinping is scheduled to visit the U.S. later this month. President Obama indicated last week that during the visit he plans to talk with President Xi about the frequent Chinese cyber attacks on U.S. businesses and the federal government, including the recent breach at the Office of Personnel Management (OPM). It is widely believed that the Chinese government played a role in the OPM breach, which exposed personal data from over 20 million U.S. government employees.
In advance of the visit, Obama Administration officials have floated the idea of imposing sanctions on Chinese individuals and firms that hack U.S. companies, which some stakeholders have said could provide some leverage for the negotiations with China during President Xi’s visit. If the President chooses to impose sanctions on China, it will be the first time that the President has used the executive power that was established in his April Executive Order to issue sanctions to individuals or entities involved in cyber attacks. Yet, business leaders have expressed some concern that cyber sanctions could harm other diplomatic efforts and may not be effective in preventing future cyber attacks from Chinese actors.