The House of Representatives approved a controversial cybersecurity information-sharing bill on April 18, despite Senate opposition and a veto threat from President Obama that makes further action on the measure unlikely.
H.R. 624, the “Cyber Intelligence Sharing and Protection Act,” or CISPA, would establish procedures for the Director of National Intelligence to share sensitive cyber threat information with private businesses and public utility operators – including operators of water and wastewater utilities – that hold appropriate security clearances. The bill would offer liability protections for authorized recipients of cyber threat data that act based on the information, and does not include any new rules or regulations for critical infrastructure owners and operators.
CISPA won House approval on a bipartisan vote of 288 – 127, but the bill has attracted strong opposition from many civil liberties advocates who fear it could prompt private companies to hand over personal Internet user information to the government. These were among the concerns that led the White House to issue a veto threat against the bill on April 16. Notably, the veto threat also criticized CISPA’s lack of provisions for “the establishment and adoption of standards for critical infrastructure.”
The next steps for Congress on cybersecurity are unclear. Democratic leaders are not expected to bring CISPA to the Senate floor, nor do they appear to have enough votes to advance their own cyber bill that would impose new standards on critical infrastructure entities. Meanwhile, House Homeland Security Committee Chairman Michael McCaul (R-Tex.) is developing his own cybersecurity bill that will seek to boost information sharing among DHS and critical infrastructure operators. Chairman McCaul hopes that bill will be ready for House floor action by June.