Senate to Mull Cyberthreat Sharing Bill

White House Mute on Whether It Backs New Measure
Senate to Mull Cyberthreat Sharing Bill
Sens.Saxby Chambliss and Dianne Feinstein

The Senate Intelligence Committee next week will consider long-awaited legislation that's designed to encourage businesses to share cyberthreat information with the federal government and each other.

See Also: The Ultimate PIA and DPIA Handbook for Privacy Professionals

Sens. Dianne Feinstein, D-Calif., and Saxby Chambliss, R-Ga., the intelligence committee's chair and ranking member, released on June 17 a draft version of the Cybersecurity Information Sharing Act, which the sponsors contend incentivizes the sharing of cybersecurity threat information between business and the government and among private sector entities.

A similar bill known as CISPA, the Cyber Intelligence and Protection Act, overwhelmingly passed the House of Representatives last year (see House Handily Passes CISPAWhite House Threatens CISPA Veto, Again).

What's unclear is whether the Feinstein-Chambliss bill adequately addresses concerns raised by the White House in its veto threat. The administration complained that CISPA failed to provide sufficient privacy safeguards and it too broadly extended liability protections to businesses.

The White House declined to comment on the new legislation or whether it was involved in its drafting.

James Lewis, the government IT security expert at the Center for Strategic and International Studies, a think tank, reviewed the legislation and suggests it's not much different from CISPA in substance, adding that the Senate bill contains "some modest tweaks to increase privacy protections."

The sponsor of CISPA, Rep. Mike Rogers, R-Mich., and the House Intelligence Committee's chairman and ranking member, C.A. Ruppersberger, D-Ill., enthusiastically endorsed the Senate measure and urged its quick passage. "The legislation will allow the private sector to protect itself from the severe onslaught of attacks, ultimately protecting the American economy as a whole," Rogers and Ruppersberger said in a statement. "We are confident that a final bill that enhances our security while protecting privacy and civil liberties can be worked out quickly in conference."

Bill's Provisions

According to a statement issued by Feinstein, the bill would:

  • Remove legal barriers for companies to share, receive and use voluntarily cyberthreat information and defensive measure;
  • Furnish liability protection for the sharing of cyber-information for cybersecurity purposes;
  • Authorize and provide liability protection for companies to monitor their networks.
  • Direct the federal government to share information with the private sector at the classified and unclassified levels, consistent with protections of sources and methods.
  • Provide important protections to ensure that sharing of cyber-information does not allow for privacy intrusions.

Specifically, the bill would require companies sharing cyber-information to strip personally identifying information from cyberthreat information before sharing it. It also would require the attorney general to write procedures to limit the government's use of cyber-information to appropriate purposes and to ensure privacy protections are in place.

The legislation also requires that information shared with the federal government through real-time information sharing mechanisms must be provided to the Department of Homeland Security in order to receive liability protection. That information is to be shared immediately with other relevant federal departments.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.