The House passed three cybersecurity bills Tuesday, including the much-needed update to the Federal Information Security Management Act. But the one House bill many believe would be most worthwhile, the Cybersecurity Information Sharing and Protection Act (CISPA), is stuck in the same debate whirlpool as last session and faces a possible veto by President Barack Obama.
The main sticking point in CISPA for the administration and privacy and civil liberties groups is around how the bill would require the private sector to protect information when shared with the government.
“We have long said that information sharing improvements are essential to effective legislation, but they must include proper privacy and civil liberties protections, reinforce the appropriate roles of civilian and intelligence agencies, and include targeted liability protections,” said Caitlin Hayden, spokeswoman for the White House National Security Council, in an emailed statement. “Under the leadership of the chairman and ranking member, the [House Permanent Select Committee on Intelligence] adopted several amendments to H.R. 624 (CISPA) in a good faith effort to incorporate some of the administration’s important substantive concerns. However, CISPA as reported still does not address these fundamental priorities adequately.”
The White House’s Statement of Administration Policy said the bill falls short because it “does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable — and not granted immunity — for failing to safeguard personal information adequately.”
The FISMA Modernization Act passed easily 416-0. This was the second session in a row the full body passed the update. Last year, the Senate included FISMA updates as part of the comprehensive cybersecurity bill that died under its own weight.
“H.R. 1163 has many authors … but it also has [the support of] every committee chairman and every ranking member in the House,” said Rep. Darrell Issa (R- Calif.), chairman of the Oversight and Government Reform Committee, and one of the main sponsors of the bill, during the floor discussion. “This bipartisan legislation will address the shortcomings of FISMA by incorporating recent technological innovations, and enhance and strengthen the current framework that protects federal information technology systems.”
Rep. Gerry Connolly (D-Va.), another major co-sponsor of the bill, said with the ever-increasing number of cyber attacks against federal systems, 48,562 in fiscal 2012, which marks a 782 percent increase over a six-year period, shows the need for the bill.
“This legislation is desperately needed to address a looming and critical threat to our nation’s economic and national security,” he said.
The House also passed H.R. 756, the Cybersecurity Enhancement Act of 2013, and H.R. 967, the Advancing America’s Networking and Information Technology Research and Development Act of 2013, with little debate or challenge.
But H.R. 249, the Federal Employee Tax Accountability Act of 2013, which would have required agencies to fire federal employees who were “seriously delinquent” in paying their taxes, did not get the necessary two-thirds majority needed to pass under the rules of the House for this particular vote, though it passed by total number of votes 250-159.
The National Treasury Employees Union praised the House for not passing the employee tax accountability bill.
Colleen Kelley, NTEU’s president, said in a statement that while NTEU strongly supports the idea that everyone should meet his or her tax obligation, the existing processes provide for disciplinary actions by federal agencies ranging from counseling to removal for failing to satisfy federal, state or local tax obligations. Additionally, the IRS also could levy up to 15 percent of certain federal payments, including federal salaries, for tax debts.