Dem
47
GOP
53
While Secretary of Defense Pete Hegseth is busy trying to win World War I again by making sure our guys have bigger biceps than the Germans, World War III (or the lead-up to it) is likely to feature drones, UAVs (like the Patriot, Reaper, and Global Hawk), and fierce battles in cyberspace. For the latter, coordination between the private sector and government will be crucial. A law called CISA (Cybersecurity and Information Sharing Act) is much more crucial for the military than generals doing pull-ups or investing in new razors. It was passed by Congress in 2015 for 10 years and it expired on Tuesday. Because everyone is focused on the shutdown, Congress has not renewed it, even though there is bipartisan support for doing so.
What the law does is allow private companies to monitor information systems for information about hostile powers (and terrorists) and authorizes them to turn the information over to the government without fear of lawsuits. It also allows them to coordinate their activities in this area without running into antitrust lawsuits from the government. Additionally, it puts some limits on which government information can be obtained through FOIA lawsuits.
The renewal bill is cosponsored by Sens. Gary Peters (D-MI) and Mike Rounds (R-SD). It is currently being held up by the chairman of the Homeland Security Committee, Sen. Rand Paul (R-KY), who wants certain changes to it. Since companies are no longer exempt from antitrust prosecution if they work together on national security, they are all going to abruptly stop it, wrecking systems and relationships that have worked fairly well for 10 years. Even senators from Kentucky ought to know that malign foreign actors have large teams of people whose job is to hack U.S. government and private computer systems and that speed is of the essence in containing them. If, for example, Google discovers and thwarts a hack, it would normally be willing to alert Microsoft, Facebook, Amazon, Apple, Oracle, and other tech companies, but not if that could result in lawsuits against Google. CISA prevents that.
Cybersecurity is an ever-moving target, and if Paul feels CISA needs updating, that is fine, certainly in the area of protecting civil liberties. Various experts have proposed fixing bugs in the law (e.g., see here), but doing nothing is not a good idea. (V)