House Republicans and Democrats expressed optimism Friday about sending a cybersecurity bill to President Obama this year, despite significant disagreements with the Senate and the White House.
The House delivered a strong bipartisan vote Thursday for the Cyber Intelligence Sharing and Protection Act despite a White House veto threat. The bill would encourage companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.
The vote was 248 to 168, with 42 Democrats joining 206 Republicans in backing the measure. The House also approved three other less-divisive cyber-related bills, including one on Friday that improves coordination between the private and public sectors on research and development on cybersecurity. The vote was 395 to 10.
“Four bills coming out of the House with strong majorities,” Rep. Mac Thornberry (R-Tex.) said Friday. “I really think the burden is on the Senate to do something. They can do big bills, small bills, it really doesn’t matter. Just do something.”
In the Senate, several Democrats and Republicans prefer a bill by Sens. Joseph I. Lieberman (I-Conn.) and Susan Collins (R-Maine) that would give the Department of Homeland Security the primary role in overseeing domestic cybersecurity and the authority to set security standards. The House bill does not give Homeland Security that authority. The White House favors the Senate measure.
The House bill would impose no new rules on businesses, a Republican imperative.
The Senate could act as early as next month on the legislation, although it’s uncertain what might emerge in light of internal Senate disputes. House members hope disagreements on a final bill could be settled by a House-Senate conference committee, if not earlier.
“We have a bill; now we start resolving the issues,” Rep. C.A. Dutch Ruppersberger of Maryland, the House Intelligence Committee’s top Democrat, said Friday. He said he has talked to both the White House and top members of the Senate intelligence panel about moving forward.
Congressional leaders are determined to get a cybersecurity bill completed this election year. More than 10 years after the terrorist attacks of Sept. 11, 2001, lawmakers describe it as an initial step to deal with an evolving threat in the Internet age.
“We really don’t have a choice to sit still, because our adversaries are not sitting still,” Rep. Adam B. Schiff (D-Calif.) said in an interview Friday.
Schiff, a member of the intelligence panel, said he didn’t think the House and Senate were far apart and he expected the various factions to resolve such thorny issues as strengthening privacy protections, whether the government can require the private sector to take steps to protect infrastructure and the role of Homeland Security.
House Speaker John A. Boehner (R-Ohio) challenged the administration’s approach.
“The White House believes the government ought to control the Internet, government ought to set standards and government ought to take care of everything that’s needed for cybersecurity,” Boehner told reporters last week. “They’re in a camp all by themselves.”
The House bill would allow the government to relay cyberthreat information to a company to prevent attacks from Russia or China. In the private sector, corporations could alert the government and provide data that could stop an attack on the country’s water supply or the banking system.
Faced with widespread privacy concerns, Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, and Ruppersberger pulled together an amendment that limits the government’s use of threat information to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from death or serious bodily injury; protection of minors from child pornography; and the protection of national security.
The White House, along with a coalition of liberal and conservative groups and some lawmakers, strongly opposed the bill, complaining that privacy could be violated. They argued that companies could share an employee’s personal information with the government, and the data could end up in the hands of officials from the National Security Agency or the Defense Department. They also challenged the bill’s liability waiver for private companies that disclose information, complaining that it was too broad.
Despite the objections, Thornberry said he didn’t take the veto threat seriously.
“I cannot conceive of a president vetoing a bill on an issue that they talk about as being this serious, dealing with a part of the issue they support. They support information-sharing,” he said.