Homeland Security gets behind cyber sharing bill

Department of Homeland Security (DHS) Secretary Jeh Johnson has thrown his support behind controversial cybersecurity legislation under consideration in the Senate.

The Cybersecurity Information Sharing Act (CISA) would shield companies from legal liability when sharing cyber threat data with the government.

It faces opposition from a variety of privacy advocates and tech groups who say the bill would unnecessarily funnel personal information to the federal government and weaken security overall.

{mosads}“Now is the opportunity for the Congress, in bipartisan fashion, to better protect the cybersecurity for the American people and their government; it is an opportunity we cannot afford to lose,” Johnson said in a statement late Thursday. “As currently written, I support this bill.”

Johnson’s announcement came less than an hour after the White House tendered its formal support for the legislation.

The Obama administration has been informally on board with CISA since August, when White House spokesman Eric Schultz called on the upper chamber to swiftly move the bill.

Johnson’s agency stands to have significant responsibility for any threat indicators shared with the federal government should the bill pass.

For many privacy and security opponents of the bill, the sticking point was what information would be shared and how.

A series of tweaks and alterations, many of which have been combined into a manager’s amendment package expected to pass next week, attempt to mitigate those concerns.

Under provisions in the package, shared data would be funneled through the DHS to be “scrubbed” of personally identifiable information.

The agency is seen as the best able to handle sensitive personal data. 

The White House on Thursday applauded the bill’s architects for naming DHS as the hub, warning that it would not support any exceptions.

An amendment from Sen. Tom Cotton (R-Ark.) — not included in the manager’s amendment package — would also give companies liability protections when sharing data directly with the FBI and Secret Service.

“The administration will strongly oppose any amendments that would provide additional liability-protected sharing channels, including expanding any exceptions to the DHS portal,” the White House said.

The Senate will vote Tuesday on Cotton’s offering.

Johnson called the current version of the legislation “a good bill,” praising co-sponsors Sens. Dianne Feinstein (D-Calif.) and Richard Burr (R-N.C.) for “taking on the complex subject of cybersecurity legislation [and] accounting for the numerous and varied interests.”

Johnson’s support for the cyber sharing bill was already well known. In September, he called on the Senate to pass CISA during remarks at The Commonwealth Club of California.

“There is an urgent and compelling need for cybersecurity legislation — to strengthen our ability to protect the American public, American businesses large and small, and the federal civilian .gov system,” Johnson said on Thursday.

Critics — including Sen. Ron Wyden (D-Ore.) — say the bill wouldn’t have done anything to prevent the devastating hack of the Office of Personnel Management, which is often touted as a reason to pass the bill.

CISA is set for a final vote on Tuesday.