Senate Intelligence Committee expected to consider legislation next week
Washington—Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) today released a draft version of the Cybersecurity Information Sharing Act, a bill drafted by Senator Feinstein and Senate Intelligence Committee Vice Chairman Saxby Chambliss (R-Ga.). The committee expects to consider the bill next week.
The bill incentivizes the sharing of cybersecurity threat information between the private sector and the government and among private sector entities. It responds to the massive and growing threat to national and economic security from cyber intrusion and attack, and seeks to improve the security of public and private computer networks by increasing awareness of threats and defenses.
•Removes legal barriers for companies to share, receive and use cyber threat information and cyber countermeasures (defensive measures) on a purely voluntary basis.
•Provides liability protection for the sharing of cyber information for cybersecurity purposes under the terms of the bill.
•Provides important protections to ensure that sharing of cyber information does not allow for privacy intrusions. Specifically, the bill:
oRequires companies sharing cyber information to remove personally identifying information from cyber threat information before sharing.
oRequires the attorney general to write procedures to limit the government’s use of cyber information to appropriate cyber purposes, and to ensure privacy protections are in place.
oMandates that information shared with the federal government through real-time information sharing mechanisms or other electronic methods must be provided to the Department of Homeland Security in order to receive liability protection. That information is to be shared immediately with other relevant federal departments.
oRequires reports by the Privacy and Civil Liberties Oversight Board and relevant federal inspectors general, and by agency heads, on the use of authorities and protections under this bill.
•Authorizes and provides liability protection for companies to monitor their networks.
•Directs the federal government to share information with the private sector at the classified and unclassified levels, consistent with protections of sources and methods.