News of yet another massive hack has been met with yet another urgent push from lawmakers and the Obama administration to pass legislation that would increase the sharing of digital data between the private sector and the government.
But privacy-minded lawmakers appear unswayed by the cyber intrusion announced by the Office of Personnel Management on Thursday that exposed the personally identifiable information of 4 million current and former federal employees during a breach detected in April.
Sen. Patrick Leahy, the top Democrat on the Senate Judiciary Committee, on Friday urged caution as Congress considers how best to respond to the hack and bolster its cyberdefenses.
"I want to look more at what happened at OPM, but I worry that it's always, 'Pass this law immediately, because otherwise we're'—fill in the blank," Leahy said during an interview for C-SPAN's Newsmakers program, which included questions from National Journal.
"You'd almost think ISIS was marching up Pennsylvania Avenue during this last debate, if we didn't pass it immediately," the Vermont Democrat added, referencing some of the rhetoric surrounding this week's passage of the USA Freedom Act, a surveillance-reform bill that restored provisions of the Patriot Act that temporarily lapsed on June 1.
Leahy, the top Democrat on the Senate Judiciary Committee, has urged his panel take up secondary consideration of the Cybersecurity Information Sharing Act, which easily cleared the Intelligence Committee on a 14-1 vote in March. Democratic Sen. Ron Wyden, a civil liberties hard-liner, was the sole dissenter.
CISA has failed to gain much traction in Congress over the past several years, despite concerted efforts by lawmakers who say it would improve the nation's cyber preparedness. But versions of the bill passed the House last month, and leaders of both parties, in addition to the White House, have identified it as a top goal this year in which bipartisan support is achievable—a priority prompted in part by the debilitating hack of Sony Pictures last year that officials blamed on North Korea.
That urgency has been reiterated in the wake of the OPM hack. On Friday, White House press secretary Josh Earnest said that President Obama has made cybersecurity a top priority and has rolled out an information-sharing framework, "but we haven't seen Congress do a single thing."
In a statement Friday, Sen. Dianne Feinstein, the top Democrat on the intelligence panel, pushed for the upper chamber to bring CISA to the floor as soon as business with the defense authorization bill is finished.
"It's impossible to overstate this threat: Trillions of dollars, the private data of every single American, even the security of critical infrastructure like our power grid, nuclear plants, and drinking water are all at risk," Feinstein said. "I believe we can protect the privacy of Americans and at the same time put in place powerful safeguards and tools to prevent these cyberattacks from abroad. We need to act quickly."
But Leahy said Friday he was more concerned with getting cybersecurity language done right than done quickly.
"Take a breather," Leahy said during the C-SPAN interview. "There are always going to be attacks. There is always going to be hacking."
Wyden also pushed back against CISA, saying in a statement that the OPM hack was "a bad excuse to try and pass a bad bill.
"I reject the notion that corporate privacy is more important than individual privacy," the Oregon Democrat said.