In-brief: Leaders of the House of Representatives Intelligence Committee introduced the Protecting Cyber Networks Act on Tuesday. The bill would make it easier for companies to share information about attacks with each other and with the government. It also addresses concerns about omnibus spying by U.S. intelligence agencies.
Reuters reports that Leaders of the House of Representatives Intelligence Committee introduced legislation on Tuesday to make it easier for companies to share information about cybersecurity threats with the government, without the fear of being sued.
From the Reuters story:
“The Protecting Cyber Networks Act has significant bipartisan support. Although privacy activists worry that it could lead to more surveillance, proponents say the measure has strong backing from the business community and a good chance of being passed by Congress.
‘This is a growing concern and getting worse,’ Republican. Representative Devin Nunes, the intelligence panel’s chairman, told reporters.”
Cyber security legislation is one of just a few areas for which there is broad and bi-partisan support in Congress. President Obama called for greater sharing of threat and attack information at a summit at Stanford University in February.
However, the legislation has been hampered by a range of issues. among them: concerns among Democrats and others that increased data sharing and incident reporting by private sector firms will fuel surveillance activities by the country’s intelligence agencies.
Among other things, the proposed legislation would enables private companies to voluntarily share what the bill calls “cyber threat indicators” and to voluntarily share these indicators with the federal government. Data would not go through the NSA or Department of Defense and the law will provide “strong protections for privacy and civil liberties,” according to a summary of the bill.
The bill would prohibit the government from forcing private sector entities to provide information to the government and require them to strip shared data of personally identifiable information before disclosing it.