Congress needs to reauthorize an expiring law that provides legal protections to companies for sharing cyber threat information with the federal government and each other, the staff director for Democrats on the Senate Homeland Security and Governmental Affairs Committee said Wednesday.
The 2015 Cybersecurity and Infrastructure Security Act is due to lapse at the end of September. It provides defenses against lawsuits for companies sharing threat information, antitrust law exemptions and more.
“Providing them with the liability shield that was created about a decade ago is critical to allow real-time information sharing with the federal government,” David Weinberg said at the FedScoop-produced Elastic Public Sector Summit in Washington, D.C. “We want to make sure that critical infrastructure operators are forthcoming when” cyberattacks happen.
The chairman of the panel, Sen. Rand Paul, R-Ky., opposed the law in 2015 over privacy concerns. But its renewal has bipartisan support among some leaders of the committees that might vet the bill, including the House Homeland Security Committee and the House and Senate intelligence panels.
Weinberg also advocated for the panel to pass stalled legislation that seeks to address a tangle of sometimes-conflicting cybersecurity regulations by creating a committee of executive branch officials to examine it.
“We think this is a good starting point [to] create sort of an interagency committee on regulatory harmonization for cybersecurity and make sure that we are cracking down on duplicative or conflicting regulations,” he said. “And they would make recommendations back to Congress for us to try to do a more sweeping effort to harmonize across cybersecurity, from cyber hygiene to more prescriptive regulations that critical infrastructure operators face.”
The Senate Homeland Security and Governmental Affairs Committee approved the bill by a vote of 10-1 last year, but never advanced further. Paul voted against the legislation.
Committee Democrats are also looking to make sure the Cybersecurity and Infrastructure Security Agency isn’t damaged. Paul has been a staunch critic of the agency.
“I think we’re kind of in a ‘do no harm’ posture,” Weinberg said. “We are trying to make sure CISA matures, we get in place good nominees and understand the mission there and across the federal government in terms of our cybersecurity needs.”
The Trump administration last week nominated Sean Plankey to lead CISA.
