Sen. Saxby Chambliss, R-Ga., sees bipartisan consensus building on cyber legislation. (Mark Wilson / Getty Images)
WASHINGTON — Members of the Senate Intelligence Committee are just a few provisions away from reaching consensus on a sweeping new cybersecurity bill that would codify how private companies can report suspicious activity, a leading Senate Republican said on Tuesday.
The legislation, hashed out over the past year and a half between Sen. Dianne Feinstein, D-Calif., chairman of the Intelligence Committee and Sen. Saxby Chambliss, R-Ga., the ranking Republican, seeks to create a “portal” within the Department of Homeland Security where companies can report suspicious activity, Chambliss told the Bloomberg Government conference.
Chambliss said “we’re down to just a couple of provisions that we’ve got to resolve before we can bring a bill to the committee” and that the major difference between staffs revolves around the issue of liability protection.
“Our bill says we will create a portal at the Department of Homeland Security, so that the private-sector entity will report [suspicious] activity through that portal.” He added “there will be real-time sharing of that information across the sector of the federal government that has an involvement and the private sector that has involvement.”
Right now there is no central reporting authority inside the federal government for private entities to report suspicious cyber activity, leading to a potential multiplicity of efforts, depending on who reports what.
A critical component of the bill revolves around potential liability companies might face from sharing data with the federal government.
“Under the bill being hashed out, the private-sector entity would have immunity from liability because it went though the DHS portal,” the senator said, but what they would not have immunity from is any conversations or information sharing that takes place outside of the portal.
The issue of immunity has been a point of contention, and it is a particularly sensitive topic in the wake of the revelations of National Security Agency data sweeps and warrants directing telecommunications companies to share user data with the federal government.
Chambliss nodded to these issues when he said the bill will seek to “incentivize the private sector to want to participate in cybersecurity protection” since it is “critically important that we build trust among the private sector in the federal government.”
The senator conceded that “we do need to make some changes in the way that we handle our monitoring of individuals, and there is a very delicate line between privacy and protection,” but overall he defended the NSA and its data-collection efforts.
He added that he thinks there are two reasons this bill will not fall short like several other attempts at cyber legislation. “One is because it’s a bipartisan bill … and second, if we don’t do it by the end of the year, the House and Senate will have a new influx of members and you don’t know what their priorities will be.”
Chambliss was confident that his committee and House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., and ranking member Rep. Dutch Ruppersberger, D-Md., would be able to bridge any differences between a House bill and the Senate bill. ■