Cyber-security bill passes House but faces snags

WASHINGTON — Add cyber-security to the list of tough problems Washington can’t agree on how to tackle.

A bipartisan bill whose chief sponsors are the chairman and ranking member of the House Intelligence Committee has run into trouble, including opposition from leading privacy groups and the White House.

The Cyber Intelligence Sharing and Protection Act, introduced by Rep. Mike Rogers (R-Mich.) and Rep.C.A. Dutch Ruppersberger (D-Md.), passed the Republican-controlled House on Thursday night. It is designed to lift legal barriers that make it difficult for the intelligence community and private companies to share information about cyber-threats.


But with the White House threatening a veto and senators weighing in with criticism, it’s far from clear that CISPA will become law, or that Congress will approve any cyber-security legislation.

The leading Republicans and Democrats who have been working on a separate cyber-security bill in the Senate issued a statement criticizing the House bill because it doesn’t propose standards for protecting crucial infrastructure, such as power grids and water systems. Those systems are vulnerable to cyber-attack, and there is nothing requiring their owners to shore up computer defenses.

Rogers responded that the bill he proposed was achievable. “Big bills aren’t going to pass,” he said.

Intelligence operatives, corporate executives and privacy activists acknowledge that U.S. corporate and government computer networks are the targets of increasingly sophisticated hacking attacks.

The most pernicious are undertaken by criminal networks and foreign intelligence agencies, including out of China, with a goal of stealing national defense information and, even more commonly, intellectual property secrets from American companies, U.S. officials say. Cyber-attacks can also be used to physically tamper with infrastructure, such as electricity generators or chemical plants.

For the last year, bipartisan coalitions of lawmakers in the House and Senate have been working on legislation aimed at bolstering cyber-defenses. But the effort to reach agreement appears to be running aground on the same shoals that so often divide Republicans and Democrats: How much government regulation is appropriate, how to weigh national security against civil liberties, and how much leeway should be given to private corporations?

Although many House Democrats support CISPA, it has drawn significant opposition. The White House said the bill repealed “important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards.” Privacy activists don’t want the National Security Agency, for example, to have unfettered access to Internet traffic in the name of identifying malware.

Rogers and Ruppersberger had said they would address some of the privacy concerns through amendments on the House floor. But an amendment by Rep.Adam B. Schiff(D-Burbank), designed to assuage those issues, was blocked Thursday by the Republican-controlled House rules panel.

Rogers and Ruppersberger called their bill an important first step. Intelligence agencies are often prohibited by law from sharing information about cyber-threats targeting private companies because the information is classified, they said.

More sweeping Senate cyber-security legislation, sponsored by Sens. Susan Collins (R-Maine), Joe Lieberman (I-Conn.), John D. Rockefeller IV (D-W.Va.) and Dianne Feinstein (D-Calif.), is seen by some business groups and Republicans as too intrusive because it would require companies to set standards for protecting crucial cyber-infrastructure.

That bill has stalled because Democrats lacked the votes to bring it to the floor.