You're right, of course, that federal agencies have the power to classify data. But I think saying that overclassification happens all the time is not a controversial statement; President Obama in 2010 signed the Reducing Over-Classification Act and the DOD IG announced last November that it reviewing DOD classification procedures. One of the 9/11 Commission members concluded: "Much more information needs to be declassified. A great deal of information should never be classified at all."

So if the only reason we need CISPA is that DOD is inadvisedly classifying botnet data as SECRET, then a sensible fix is for DOD to declassify it. Or, that failing, Congress could amend 18 USC 798 to allow that to happen. Laws, like computer security, should follow the principle of least privilege, and enacting a broad wildcard law that overrides all federal and state laws to fix a narrow botnet-classification problem violates that principle.

Also: the primary criticism of CISPA is that it overrides all other state and federal laws in allowing the transfer of customer data from private companies to .gov, .mil and other organizations. You're defending .gov->.com data transfer, which is hand-wavingly orthogonal to an explanation of why a wildcard override for .com->.gov data transfer is necessary.