While the Senate is trying to get S 754, the Cybersecurity Information Sharing Act (CISA) of 2015, to a floor vote before leaving on their summer recess at the end of the week, a number of amendments are being submitted that may or may not be considered before the final floor vote. Yesterday, for instance there were 65 such amendments submitted. Of those amendments only four may be of specific interest to readers of this blog:
∙ SA 2573. Mr. Flake (R,AZ), pgs S6306-07;
∙ SA 2576. Mr. Markey (D,MA), pgs S6309-10;
∙ SA 2608. Ms. Warren (D,MA), pg S6321; and
∙ SA 2609. Ms. Warren, pg S6321
The Flake amendment deals with electric grid cybersecurity issues and is a virtual copy of HR 2271 which has yet to be acted upon in the House. Similarly the Markey amendment is a copy of S 1806; his bill on automotive cybersecurity issues.
The two amendments by Warren both deal with liability issues. The first ensures that the provisions of §6 (Protection from Liability) of the bill are not misconstrued to apply to organizations that do not take actions to “action to address a cybersecurity threat or a security vulnerability”. Similarly SA 2609 adds a new paragraph to §6 that specifically requires an entity that receives information “regarding a cybersecurity threat or a security vulnerability under this Act” to take actions to “to address the threat or vulnerability” or be liable.
As of this morning’s publication of yesterday’s Congressional Record there was no agreement in place as to what amendments would or would not be taken up prior to the final vote on S 754.