Supporters of a bill aimed at protecting the government and American businesses from cyberattacks are trying to shepherd the legislation through a Congress that has been divided over the role the government should play in setting standards for private-sector computer networks.
Those divisions will come to a head as the Senate debates the bill this week. As of Monday, nearly 50 amendments had been filed, and Senate Majority Leader Harry Reid, D-Nev., has said he is open to any amendments that are germane. Lawmakers will push to include a wide range of Internet-related bills that have otherwise stalled, but many amendments will fall into core areas of the cybersecurity debate, as sponsors try to win support from Republicans while maintaining the backing of the White House. Here is a look at some of the amendments.
CRITICAL INFRASTRUCTURE: The deepest divide may be over how much power the government should have to make companies secure networks that operate power grids or chemical plants. The White House and the bill’s backers say it is common sense that critical infrastructure must meet minimum standards, but they agreed to weaken their proposals to win industry and Republican support. Still, look for a series of amendments aimed at removing the government entirely from the equation. Several GOP committee leaders are planning to offer a substitute bill that would avoid any mention of protections for critical infrastructure. The White House, however, says that’s one change it won’t support. There could be room for further compromise. Sen. Kay Bailey Hutchison, R-Texas, who has signed on to the substitute measure, also signaled that changes could be made in the current bill to make standards more explicitly voluntary. Republicans are also pushing for better liability protections as incentives for companies to voluntarily secure their networks.
PRIVACY: Like critical infrastructure standards, privacy provisions also initially drew criticism. After tweaks to improve privacy protections, the Cybersecurity Act won praise from civil liberties advocates. Now some Democrats want to include even more privacy protections. Sen. Al Franken, D-Minn., says he will introduce an amendment limiting Internet service providers’ power to monitor communications in the name of security. Sen. Ron Wyden, D-Ore., meanwhile, is hoping to insert language that would require law enforcement to obtain a warrant before seeking data from global positioning systems.
CYBERSECURITY WORKFORCE: Officials complain that there is a shortage of trained professionals to staff cybersecurity positions, and the Cybersecurity Act aims to fix that by boosting training and other education programs. Sen. Mark Udall, D-Colo., is looking to expand those provisions by establishing cyberdefense training programs at the U.S. Air Force Academy in Colorado Springs. Udall also proposed an amendment requiring the White House to report to Congress on any cybersecurity staffing shortages. Not everyone is enamored of the education measures. Sen. John McCain, R-Ariz., ridiculed programs to raise awareness among grade-school students about cybersecurity and has signaled he would try to remove some of the education measures.
DATA BREACHES: Staffers who helped draft the Cybersecurity Act have said they left out provisions on consumer protections during data breaches because consensus was hard to find. But that hasn’t stopped Senate Judiciary Chairman Patrick Leahy, D-Vt., from proposing an amendment that would make it a crime for companies to hide data breaches from their customers. His other proposals include measures requiring companies that store consumer data to take security precautions, and would set a national standard for data-breach notification by companies. The data-breach amendments could find support from Cybersecurity Act cosponsor Sen. Dianne Feinstein, D-Calif., who has authored her own, separate data-breach legislation.
OTHER ISSUES: Leahy is also pushing for language that would remove legal barriers to sharing video-viewing history online. Such restrictions, which were established to protect video-rental records during the 1980s, currently prevent Facebook users from automatically sharing their Netflix history, for example. Sen. Chris Coons, D-Del., meanwhile, is pushing for a sunset provision to ensure that cybersecurity issues are revisited in five years.