Feb 13 2012
Lowers barriers to cyber-threat information sharing between companies, federal government. Included in Senate’s comprehensive Cybersecurity Act of 2012, to be introduced this week.
Washington—Senator Dianne Feinstein (D-Calif.), chairman of the Senate Intelligence Committee, today introduced the Cybersecurity Information Sharing Act of 2012. The bill provides increased authority for cyber-threat information sharing and reduces legal barriers to allow private entities to share cybersecurity information with each other and the federal government.
Currently, a combination of existing law and risk-averse business practices prevents or deters companies from sharing information about cyber threats and the ability of hackers and cyber-thieves to infiltrate corporate defenses.
“Alongside terrorism, cybersecurity is perhaps the number one threat facing our nation today, but many obstacles exist that prevent the cooperation and coordination needed to deter this growing threat,” said Senator Feinstein. “I’m pleased that this bill will be incorporated into the Cybersecurity Act of 2012, which will be debated by the Senate soon. It’s past time that we address the widespread and devastating effects that cyber intrusions are having on our country. Enhancing effective, responsible cyber-threat information sharing is a key part of bolstering our cyber defense.”
At the Senate Intelligence Committee’s hearing on Worldwide Threats last month, the U.S. Intelligence Community equated cyber threats to terrorism and proliferation as the highest priority threats to our national security.
An unclassified report by the Intelligence Community made public in November 2011 said cyber intrusions against U.S. companies cost billions of dollars annually and named China and Russia as aggressive and persistent cyber thieves. Senator Barbara Mikulski (D-Md.) is a cosponsor of the bill.
Key provisions of the Cybersecurity Information Sharing Act of 2012:
- Requires the federal government to designate an agency or office as a “cybersecurity exchange” to serve as a hub for distributing and exchanging cyber-threat information.
- Authorizes companies to monitor and defend their own networks. Establishes procedures for private sector companies to share cyber information with each other and with the federal government, and provides appropriate liability protections and restrictions on government use of that information.
- Establishes procedures for the government to share classified cybersecurity threat information with certified private sector entities. Normally, only government contractors can acquire a security clearance to receive classified cyber-threat information.
- The bill does not provide any new authorities for conducting surveillance. It also establishes a robust privacy compliance regime to ensure that information shared with the federal government is protected.