Regarding CISPA, it passed the House by something like a 2-1 margin. My understanding is that the opponents were all shouted down with the author repeating that the law is narrowly targetted, protects privacy, and will protect us from the big imaginary doomsday resulting from when some hacker crashes Facebook's servers because they couldn't be bothered to upgrade their software or something...
None of those are true, but apparently if you repeat them enough, Congressmen just agree.
Anyway, this now moves to the Senate. But, in the Senate, they have their own insane draconian bills to keep tabs on every Internet user. Err...I meant to say "protect us."
After that, the White House did issue a statement that it'd probably get vetoed, but it's the usual politics-speak of in its current form, the President's close advisors would most likely recommend that he veto the bill, not an actual statement of "this is stupid."
I like the concept, but the bill itself is crammed with misunderstandings about where risks come from, how they propagate, and who needs protection. It also seems to utterly misunderstand the Bill of Rights, since my count is that it allows for routine violations of at least three rights (against warrantless search and seizure, against self-incrimination, and for confronting accusers) by trying to deputize (all) companies without giving them the responsibilities that go with it.
The right way for government to get involved in "cybersecurity" (idiotic a word as that is) is to ban the trafficking (and use) of software exploits, allow people to sue for negligence if flaws aren't reported or fixed quickly, and keep public records of what software is up to date. Oh, and exempt security researchers from the DMCA provisions about bypassing DRM. Much easier.