Senate Will Vote on CISA Final Passage on Tuesday
Senate Majority Leader Mitch McConnell (R-KY) has scheduled a final vote on the Cybersecurity Information Sharing Act (CISA/S. 754) for Tuesday. After months of waiting for the bill to be considered on the Senate floor, the Senate finally began debate of CISA last week and plans to complete its work when it returns early next week. While there are still a number of issues to debate this week, the bill is expected to pass.
As previously reported, Majority Leader McConnell narrowed down the list of CISA amendments to be considered on the floor in August. Since that time, Senate Intelligence Committee Chairman Richard Burr (R-NC) and Ranking Member Dianne Feinstein (D-CA) were able to find consensus on a number of these amendments and added them to the manager’s amendment that they have been preparing, which was officially released last week. Many of the changes made to the bill in the manager’s amendment helped to address privacy concerns from a number of Senators and outside stakeholders and also allowed the Committee leaders to secure support for CISA from key Democratic Senators, including Senate Homeland Security and Governmental Affairs Committee Ranking Member Tom Carper (D-DE).
The Senate voted last Thursday to limit debate on CISA by a bipartisan 83-14 vote. Additionally, it also voted down an amendment from Senator Rand Paul (R-KY) that would not allow companies to receive the liability protections in the bill if they violated their privacy agreements with customers in the process of sharing information with the federal government. The amendment failed by a 32-65 vote.
On Tuesday, the Senate will also consider the other amendments that were not incorporated into the manager’s amendment that seek to do the following:
- Sunset the bill after 6 years
- Clarify the definitions of “cybersecurity threat” and “cyber threat indicator”
- Strike the bill’s Freedom of Information Act (FOIA) exemption
- Protect information that is reasonably believed to be personally identifiable information (PII)
- Include stricter requirements for companies to remove PII when sharing information
- Require the Department of Homeland Security (DHS) to review all cyber threat indicators and countermeasures to remove certain PII
- Extend liability protections in the bill to companies that share information directly with the FBI or Secret Service instead of DHS
It is unlikely that any of these amendments will receive enough votes to be included in the final bill. Despite this fact, many stakeholders are especially concerned about the prospects of passing CISA if the amendment passes that would extend liability protections for companies that share information with the FBI or Secret Service. Senator Tom Cotton (R-AR) sponsored this amendment to allow companies that have strong relationships with federal law enforcement agencies to receive the same liability protections other companies would receive but allow them to bypass sharing information with DHS. The Department opposes the amendment, along with a number of other advocates that say that the amendment raises civil liberties concerns and would make it more difficult if information sharing is not housed at one agency.
In its Statement of Administration Policy (SAP), the White House indicated its overall support of CISA but also shared its concern with Senator Cotton’s amendment, noting that the bill should focus on preserving the leadership of civilian agencies, such as DHS, in cybersecurity information sharing initiatives with the private sector. Once the Senate passes CISA, it will be conferenced with the House information sharing legislation which passed in April.