Governance & Risk Management , Information Sharing , Standards, Regulations & Compliance

House OKs 2nd Cyberthreat Info-Sharing Bill

Two Approved Measures Will Be Combined
House OKs 2nd Cyberthreat Info-Sharing Bill

A second cyberthreat information sharing bill passed the House of Representatives on April 23. That measure, the National Cybersecurity Protection Advancement Act, now will be combined with the House Intelligence Committee's Protecting Cyber Networks Act, which passed on April 22, before it's sent to the Senate.

See Also: New OnDemand: How CISOs Can Ace Cyber Risk Reporting to the Board and the SEC

The National Cybersecurity Protection Act, which was approved by a 355-63 vote, provides businesses with liability protections if they share cyberthreat information with the federal government and other businesses. The bill designates the National Cybersecurity and Communications Integration Center as the portal for government and business to share data.

"Ultimately, this legislation will arm those who protect our networks with valuable cyber-threat indicators that they can use to fortify defenses against future attacks," said one of the bill's sponsors, Rep. John Ratcliffe, chairman of a House Homeland Security Committee subcommittee, which has cybersecurity oversight.

Supporters of cyberthreat information sharing legislation, including President Obama, say such a measure is needed because many businesses will not share information with the government unless they're protected from civil and criminal lawsuits resulting from the sharing of data. Both bills, and one approved by the Senate Intelligence Committee, would provide those liability safeguards.

The House-passed bills' supporters contend their measures protect citizens' privacy and liberties by requiring businesses to strip personally identifiable information from information to be shared. Language added to the National Cybersecurity Protection Advancement Act specifically says the shared data is to be used for cyberdefense only and cannot be used for intelligence or law enforcement purposes. Still, consumer advocacy groups contend the bill does not go far enough to prevent sharing of data for purposes other than cyberdefense.

The White House, in Statements of Administration Policies, has given both House-passed bills a lukewarm endorsement, but it made suggestions on changes it seeks, especially the narrowing of the liability protections the measures offer.

In the Senate, Majority Leader Mike McConnell said its version of cyberthreat information sharing legislation should come up for a vote shortly, but did not provide a specific date. If the Senate passes its own cyberthreat information sharing legislation, conferees from both chambers, weighing recommendations from the White House, will draft new language in hopes of winning the support of a majority of House and Senate lawmakers as well as the president.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.