1 sources: national journal, “the 22 amendments that could determine the fate of the senate’s...
TRANSCRIPT
1Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015
S. Amdt Description
2581 Offers liability protection for sharing with FBI and Secret Service [Tom Cotton (R-AR)]
2612 Narrows definitions of cybersecurity threats and indicators [Al Franken (D-MN), Patrick Leahy (D-VT), and Ron Wyden (D-OR)]
2580 Restates voluntary nature of private sector sharing [Jeff Flake (R-AZ)]
2564 Prevents business from using CISA liability protections to break user agreements [Rand Paul (R-KY)]
2621 Requires companies to remove personal information “to the extent feasible” [Ron Wyden (D-OR)]
2548 Requires companies to remove personal information if they “reasonably believe” it’s unrelated [Dean Heller (R-NV)]
2615 Require DHS to remove personal information before sharing with other government agencies [Tom Carper (D-DE)]
2552 Require DHS to remove personal information before sharing with other government agencies [Chris Coons (D-DE)]
2582 Implements a six-year sunset [Jeff Flake (R-AZ) and Al Franken (D-MN)]
2622 Requires government to notify individuals about improper sharing [Ron Wyden (D-OR)]
2587 Removes FOIA exemption [Patrick Leahy (D-VT)]
2632 Commission government cyber reports [Jon Tester (D-MT)]
2604 Commission government cyber reports [Dan Coats (R-IN)]
2578 Eases clearance processes for committee staffers [David Vitter (R-LA)]
2579 Establishes small-business cyber center at DHS [David Vitter R-LA]
2631 Requires Department of State to write international cyber policy [Cory Gardner (R-CO) and Benjamin Cardin (D-MD)]
2603 Mandates reports on foreign governments’ cybercrime efforts [Mark Kirk (R-IL) and Kirsten Gillibrand (D-NY)]
2589 Extends Privacy Act rights to allied countries’ citizens[(Chris Murphy (D-CT)]
2557 Increases funding for OPM cybersecurity [Barbara Mikulski (D-MD)]
2627 Authorize DHS to introduce government-wide cyberdefenses [Tom Carper (D-DE)]
2626 Increases punishment for cybercrimes [Sheldon Whitehouse (D-RI)]
Manager’sAmdt
Multiple privacy, operations, and oversight changes [Dianne Feinstein (D-CA) and Richard Burr (R-NC)]
Senate Majority Leader Lined Up 22 CISA Amendments for Vote
2
Operations and Liability AmendmentsS. AMDT. Sponsor Amendment Details Criticism of Amendment
2581Sen. Tom Cotton (R-AR)
Offers liability protection for companies•Would grant companies that share information with FBI and Secret Service some immunity from lawsuits•While CISA permits businesses to share information with any federal agency, it only offers liability protection for sharing cyberthreat information with the Department of Homeland Security
Raises potential privacy concerns as it decentralizes the provision of information within the government from the DHS hub
2612
Sen. Al Franken(D-MN)
Narrows definitions of the types of information that companies could share with the government•Cosponsors: Patrick Leahy (D-VT), Ron Wyden (D-OR)•Would allow companies to share cyberthreat information only insofar as it’s “necessary to describe or identify” certain malicious activities that hackers generally engage in
Critics of the amendment argue that the time necessary to reach a high-level of confidence that harm is or could be done may be extremely costly
2580 Sen. Jeff Flake(R-AZ)
Restates voluntary nature of private sector sharing•Reinforces the voluntary nature of the information-sharing program, addressing concerns that the unamended bill virtually forces companies to share information with the government
Does not address the likelihood that the government will require all participants to share cyberthreat information
2564 Sen. Rand Paul
(R-KY)
Prevents businesses from using CISA liability protections to break user agreements•Limit the liability protection extended to business so that companies would remain bound to the privacy agreements they enter into with their customers
If liability protection is removed or thrown into question, it may compromise the main tool that CISA employs to get encourage business participation
Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015
3
Privacy AmendmentsS.AMDT. Sponsor Amendment Details Criticism of Amendment
2621Sen. Ron Wyden(D-OR)
Would strengthen a requirement for companies to remove personal information “to the extent feasible” •Cosponsors: Tom Udall (D-NM), Sherrod Brown (D-OH), Al Franken (D-MN), Edward Markey (D-MA), Richard Blumenthal (D-CT), Tammy Baldwin (D-WI)
While some CISA opponents say this is the most important must-pass change, CISA supporters say the vague language makes it hard for companies to know if they’ve complied
2548Sen. Dean
Heller(R-NV)
Would require companies to remove personal information if they “reasonably believe” it does not relate directly to a threat•Cosponsor: Patrick Leahy (D-VT)•Would impose less stringent restrictions on businesses than Sen. Wyden’s amendment (S. Amdt 2621)
Lacks the ‘legal certainty’ and ease of interpretation that businesses are seeking
2615 (Carper, Leahy)
2552 (Coons)
Sen. Tom Carper(D-DE)
Sen. Chris Coons(D-DE)
These two amendments would require DHS to remove personal information before sharing with other government agencies•Both the Coons and the Carper amendments place the burden of removing personal information on the DHS, instead of on companies
Since CISA would allow businesses to share directly with any federal agency, there would remain ways for personal information to make is way into government systems
Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015
4
Oversight AmendmentsS.AMD
TSponsor Amendment Information
2582 Sen. Jeff Flake(R-AZ)
Would implement a six-year sunset to CISA’s authorization•Cosponsors: Sen. Al Franken •After six-year sunset, Congress would have to reauthorize the bill and would have a chance to make changes
2622 Sen. Ron Wyden(D-OR)
Would require the federal government to notify individuals about improper sharing•Cosponsors: Tom Udall (D-NM), Sherrod Brown (D-OH), Al Franken (D-MN), Edward Markey (D-MA), Richard Blumenthal (D-CT), Tammy Baldwin (D-WI)
2587Sen. Patrick Leahy
(D-VT)
Would remove a FOIA exemption•This amendment would remove a part of the bill that exempts information shared through the program from Freedom of Information Act requests
2632
2604
Sen. Jon Tester (D-MT)
Sen. Dan Coats (R-IN)
These two amendments would commission government cyber reports•Tester’s amendment would require the government to report on a variety of information sharing metrics, including the number of times personal information was not removed but should have been•Coats’s amendment would commission a report on cyber security threats to mobile devices
Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015
5
Other AmendmentsS.AMDT Sponsor Amendment Information
2578 (Vitter, Leahy)
2579Sen. David Vitter
(R-LA)
Vitter’s first amendment would ease the security clearance process for staffers•Cosponsor: Jon Tester (D-MT)•Would make it easier for members on Senate committees who handle sensitive information to get at least one staffer a security clearanceVitter’s second amendment would establish small-business cyber center at DHS
2631Sen. Cory Gardner(R-CO)
Would require the State Department to write international cyber policy•Cosponsor: Benjamin Cardin (D-MD)•Would require the Secretary of State to draw up a “comprehensive strategy relating to United States international policy with regard to cyberspace”
2603
Sen. Mark Kirk(R-IL)
Would mandate reports on foreign governments’ cybercrime effortsCosponsor: Kirsten Gillibrand (D-NY) •Would push the Secretary of State to consult with governments of countries that are home to cyber criminals to determine how those criminals are being pursued
2589
Sen. Chris Murphy(D-CT)
Would extend Privacy Act rights to allied countries’ citizens•Cosponsor: Orrin Hatch (R-UT)•Extending the rights in the Privacy Act to US allies would allow foreign citizens to challenge how their private information is used in American courts
Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015
6
Other AmendmentsS.AMDT. Sponsor Amendment Information
2557Sen. Barbara Mikulski
(D-MD)
Would increase funding for OPM cybersecurity•Cosponsors: Benjamin Cardin (D-MD) and Mark Warner (D-VA)•This amendment would appropriate $37 million to the Office of Personnel Management to boost its cybersecurity efforts
2627
Sen. Tom Carper(D-DE)
Would authorize DHS to introduce government-wide cyberdefenses•Cosponsors: Ron Johnson (R-WI), Kelly Ayotte (R-NH), Claire McCaskill (D-MO), Susan Collins (R-ME),Mark Warner (D-VA)•This amendment would tack-on the Federal Cybersecurity Enhancement Act, which would authorize DHS to roll out the Einstein cyberdefense system to every federal agency
2626Sen. Sheldon Whitehouse
(D-RI)
Increases punishment for cybercrimes•The amendment would allow prosecutors to seek up to 20 years of prison time for an individual who harms a computer connected to “critical infrastructure”
Manager’sAmdt.
Sen. Richard Burr (R-NC)
Sen. Dianne Feinstein (D-CA)
This manager’s amendment proposes multiple privacy, operations and oversight changes•Put forward by the co-sponsors of CISA, the manager’s amendment has the support of all sides•Would allow information sharing only for cybersecurity purposes and removes authorization that would have allowed law enforcement to use cyberthreat information to pursue violent felons
Sources: National Journal, “The 22 Amendments That Could Determine the fate of the Senate’s Cybersecurity Bill,” August 26, 2015