The leaders of the House Intelligence Committee defended their cybersecurity information-sharing legislation Tuesday from charges it would raise significant concerns over privacy and civil liberties. Chairman Mike Rogers, R-Mich., and ranking Democrat C.A. Dutch Ruppersberger of Maryland dismissed recent comparisons between their legislation (HR 3523) and the Stop Online Piracy Act (SOPA) (HR 3261) during a conference call with reporters. The pair promised their bill would be amended to address separate privacy concerns raised by groups including the Center for Democracy and Technology. The legislation is scheduled for debate on the House floor later this month as the lower chamber moves forward with a host of cybersecurity bills. My full report for CQ is available here.
The lawmakers focused primarily on deflecting concerns that information collected under the bill would be used for purposes other than safeguarding the nation's computer networks. But the most noteworthy comment may have come from Rogers, in response to my question about possible regulation of utility companies and other critical infrastructure providers. Rogers re-iterated that companies have every incentive to safeguard their systems from attacks or face possible catastrophe, but he also said he believes the House Energy and Commerce Committee will introduce some type of voluntary security standard for utility providers in the near future. While that's not quite the baseline security requirement desired by Democrats and many cybersecurity experts, it's one of the strongest indications we've had to date that both sides are trying to hash out their differences over critical infrastructure providers.
As we've mentioned here many times, Sen. John McCain, R-Ariz., and other senior Senate Republicans have also dug their heels in over the issue of mandatory regulations for critical infrastructure providers. Such regulations appear even less likely to gain traction in the House, though they have some measured support from the leadership of the House GOP Cybersecurity working group. But Democrats are eager to achieve a victory on the cybersecurity front and may be willing to compromise on voluntary standards in order to move a bill forward. So far Senate leadership and the bill's sponsors have shown no sign of cracking, but they also expressed a willingness to negotiate, provided the Republicans acknowledge something must be done on critical infrastructure. Rogers and Ruppersberger said they were in contact with both the Senate and the White House while formulating changes to their legislation, with an eye toward gaining passage into law.
We've predicted all along that any cybersecurity legislation signed into law this year will largely resemble some combination of the Rogers-Ruppersberger bill and the Lungren offering (HR 3674), which will reportedly be considered by the full House Homeland Security Committee next week. With the election looming, the window for getting something passed this year appears to be rapidly shrinking. The House will likely attempt to combine the disparate bills in the coming weeks, putting the onus on the Senate to end its standoff or risk another year passing with no update to the nation's cybersecurity laws. Senate Homeland Security chairman Joe Lieberman, I-Conn., has been a driving force behind the push for cybersecurity legislation and is planning to retire at the end of the year. That could add some urgency to the search for a compromise. But someone will have to budge on the issue of critical infrastructure regulations, and so far both sides are keep their poker faces straight.