The top Democrat on the Senate Homeland Security Committee has filed a bill that aims to extend and bolster a now defunct cybersecurity information-sharing law that lapsed when the government shut down on Oct. 1.
The measure from Michigan Senator Gary Peters renames the 2015 Cybersecurity Information Sharing Act as the Protecting America from Cyber Threats Act. The rephrasing, he said, is meant to avoid confusion with the similar sounding Cybersecurity and Infrastructure Security Agency in DHS.
The legislation also includes a retroactive provision to address any gaps in liability protections. The 2015 law let private sector providers transmit cyber threat intelligence with government partners with key legal protections in place. Companies were essentially shielded from lawsuits and regulatory penalties when circulating threat data.
Speaking to reporters Thursday, Peters said he does not have a projected timeline in place for when this new measure could be brought to a vote, and that the ongoing government shutdown complicates those efforts in the short term. He said he has spoken directly with Senate Majority Leader John Thune, R-S.D. on the issue.
Sen. Mike Rounds, R-S.D. — who has worked with Peters on extending the information-sharing law — has also spoken to Thune, Peters said. Rounds is co-sponsoring the new measure.
Peters and a number of his colleagues have in recent days attempted to seek unanimous consent on the Senate floor to pass similar measures, though Senate Homeland Security Committee Chairman Rand Paul, R-Ky., has always objected.
Paul’s counters are a product of his longstanding suspicion about the Cybersecurity and Infrastructure Security Agency and its purported infringement on Americans’ free speech. Industry sources have previously said that Paul’s office has not engaged thoroughly on the matter.
Peters declined to comment on questions about how the law’s lapse was affecting cyber information-sharing because people with “nefarious intent” may exploit those gaps to launch cyber incursions.
“I would be very concerned if companies are not willing to engage right now, because that only increases the threat environment that we’re facing,” Peters said. “The threat increases every single day. And to have this gap is simply unacceptable, and it places unreasonable threat on our country’s cybersecurity.”
Peters also said he is concerned by ongoing efforts to shrink the CISA workforce. Hundreds of DHS employees, including those in CISA, have been marked for reassignments to other agencies, many of them focused on border security and immigration.
