WASHINGTON – Today, by a vote of 74 to 21, the Senate approved the bipartisan Cybersecurity Information Sharing Act (CISA) of 2015 (S. 754), which encourages the sharing of cyber threat information among and between the private sector and federal government. Two of the bill’s major provisions were based on legislation developed by Sen. Tom Carper (D-Del.), ranking member of the Homeland Security and Governmental Affairs Committee and a cosponsor of the bill. Those provisions would strengthen all federal agencies’ cyber defenses and give the Department of Homeland Security (DHS) clearer authorities to share cyber threat information while protecting privacy. Today’s passage builds on years of legislative efforts on cybersecurity by Sen. Carper and his colleagues.
“Last year on Election Day, American voters sent Congress a clear message: they want us to work together in a bipartisan fashion, they want us to achieve real results, and they want us to take actions that help grow our economy,” said Sen. Carper. “By passing this bipartisan cybersecurity legislation, we do all three of those things.
“By sharing more cyber threat information, we can stay ahead of the threat, bolster our defenses, and better protect our critical networks from the growing threat cyber attacks pose to our economic security and our national security. This bill also underscores that we can have both strong cybersecurity and robust privacy protections. In fact, one of the provisions I championed ensures that the Department of Homeland Security, a civilian agency, scrubs cyber threat data of sensitive personal information before it is shared with any other agency.
“I commend Senators Burr and Feinstein for their leadership and tireless efforts to get this bipartisan legislation through the Senate. While we do not agree with everything in this legislation, I greatly appreciate the collaboration and compromises that have been made to make the bill stronger. Today, we showed the American public that we’re still able to set aside our partisan differences and summon the political will to do what’s best for America when the stakes are high.
“While we can celebrate our important accomplishment today, we cannot rest on our laurels. There is still more work to do. We must now work with our colleagues in the House to get this legislation through conference and on to the President’s desk for his signature. I am looking forward to working with my colleagues to get this bill across the finish line without further delay.”
Sen. Carper helped shaped key provisions that play a central role in the bill. Specifically, provisions he championed:
Enhance cybersecurity defenses across the federal government. Language modeled after the Federal Cybersecurity Enhancement Act of 2015 (S.1869), introduced by Sens. Carper and Ron Johnson (R-Wis.), requires that all federal agencies implement stronger protections and state-of-the-art technologies to defend against cyberattacks. It would also accelerate the deployment and adoption of the Department of Homeland Security’s federal cybersecurity program known as EINSTEIN, which works to prevent cyber intrusions.
Increase privacy protections at DHS, which is the center of the new information sharing program. In compromise language, DHS will be allowed to conduct an automated, real time ‘privacy scrub’ for personally identifiable information on information it receives. The Department must work with the Departments of Justice, Defense, Treasury, Commerce, and Energy to develop and agree on the proper privacy scrub procedures.
Make the Department of Homeland Security (DHS) an equal partner in combatting cyber threats by adding language that ensures the Department jointly drafts the information sharing operational procedures for the federal government with the Department of Justice.
In February, Sen. Carper introduced a cyber information sharing bill based on input from experts, stakeholders, and the Administration. Language from that bill, Cyber Threat Sharing Act of 2015 (S.456), helped improve today’s bipartisan compromise.
Sen. Carper has been a leading voice on cybersecurity legislation for years. Today’s passage builds on years of work by Sen. Carper and his colleagues.
“As Ranking Member and former Chairman of the Homeland Security and Governmental Affairs Committee, I have been following cybersecurity – and this information sharing proposal in particular – for years,” said Sen. Carper. “Last Congress, I worked closely with my Ranking Member, Dr. Coburn, and our House counterparts to get four cybersecurity bills enacted into law. I believe these four bills laid a very strong foundation for the Department of Homeland Security to operate at the center of the kind of robust information sharing program that the Burr-Feinstein bill would set up.”
Last Congress, the Senate Homeland Security and Governmental Affairs Committee authored several cybersecurity bills, which the president signed into law in December. Those include the Federal Information Security Modernization Act (P.L. 113-283) to update the Federal Information Security Management Act, the National Cybersecurity Protection Act of 2014 (P.L. 113-282) authorizing a National Cybersecurity and Communications Integration Center at the Department of Homeland Security for information sharing, and two bills to improve the federal cybersecurity workforce — the Cybersecurity Workforce Assessment Act (P.L. 113-246.) and the Border Patrol Pay Reform Act (P.L. 113-277) (which contains provisions from the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014).
Read more about Sen. Carper’s support of a cybersecurity information sharing bill: