With the House poised to consider a range of cybersecurity bills, a markup in the House Homeland Security Committee on Wednesday clearly showed that the panel's leaders fear they are just along for the ride.
Sponsors of the Homeland Security’s contribution to the cybersecurity debate, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011, or the PrECISE Act, spent nearly five hours at Wednesday’s markup walking back proposals included in earlier versions of the bill.
The bill was the product of more than a year of work and it cleared the Cybersecurity, Infrastructure Protection, and Security Technologies Subcommittee by a voice vote in February. On Tuesday, however, lead sponsor Rep. Dan Lungren, R-Calif., introduced a substitute that significantly reduced the scope of the bill. The panel approved the amended bill 16-13.
As approved by the subcommittee, the PrECISE Act would have encouraged information sharing among businesses and government; give Homeland Security officials more oversight over some critical infrastructure networks; and provide for stricter privacy protections. But in response to pressure from House Republican leadership and members of the House Intelligence Committee, which has its own information-sharing bill, Lungren dropped many of the critical infrastructure and DHS provisions.
If those provisions hadn’t been trimmed, a visibly resigned Lungren told disgruntled committee members, the bill would never make it to the floor and the Homeland Security Committee would have been sidelined. “That’s a fact of life,” he said.
Besides the input from Intelligence Committee leaders, Lungren said, GOP opposition to Senate proposals to protect critical infrastructure also led to pressure to limit the PrECISE Act. The changes put Lungren and committee Chairman Peter King, R-N.Y., in the position of opposing their own proposals as Democrats sought to return them in a string of almost 20 amendments, most of which failed.
“If I was in your position I would be doing exactly the same thing,” King told Democrats. “But to keep a seat at the table, to be part of the process going forward, we had to adopt these changes.”
The maneuver was a remarkable development for the committee ostensibly at the center of the cybersecurity debate, but Lungren said it was inevitable because there are nine different committees that claim jurisdiction over homeland-security issues, including cybersecurity. “I don’t want to make it partisan. I don’t want to make it one committee against each other. I want to get something done,” he said.
Democrats criticized the new language for not specifically protecting critical infrastructure like electrical grids, and for not ensuring that DHS would be the agency in charge of federal cybersecurity efforts. Committee ranking member Bennie Thompson, D-Miss., criticized Lungren and King for creating the changes “behind closed doors” with GOP leadership. “It must be very difficult for the majority to vote against their own position, the position they know is right,” he said.
House Intelligence Committee leaders are pushing forward with their Cyber Intelligence Sharing and Protection Act of 2011, known as CISPA, which is aimed at encouraging businesses and government to share cyberthreat information. The bill has been panned by civil-liberties advocates, who fear it undermines privacy, and by the White House, which is supporting a much broader cybersecurity bill proposed in the Senate. Civil-liberties groups had said Lungren’s original bill would have been a favorable alternative, but with the substitute, many of those activists dropped their support.
On Wednesday the House Oversight and Government Reform Committee unanimously approved a bill that would require government agencies to take a more proactive approach, such as continuous monitoring, to protecting their networks.
All three bills are expected to be among those considered by the full House next week.