Bipartisan cybersecurity bill aims to spur industry-government sharing

House Intelligence Committee Chairman Mike Rogers, R-Mich., and ranking member Dutch Ruppersberger, D-Md., introduced legislation on Wednesday that would provide a channel for the government to share classified intelligence with the private sector to protect against cyberattacks.

The bipartisan bill would make it easier for government to share information with companies, without forcing the firms to do anything about it. It would also exempt companies from any liability if they share information with the government--something that worries privacy advocates such as the American Civil Liberties Union.

"The American private sector is working incredibly hard to protect itself," Rogers told an audience at the National Cable and Telecommunications Association on Wednesday. "The best thing that we can do is remove the barriers that make it hard for industry to share information and defend themselves, and provide government information in support of these efforts."

"Our intelligence agencies collect important information overseas about advanced foreign cyber threats that could dramatically assist the private sector," he continued. "The government needs to be able to better share this threat intelligence so that the private sector can protect its own networks."

Under the Cyber Intelligence Sharing and Protection Act of 2011, the director of national intelligence would outline a framework for the intelligence community to share classified intelligence about cyber threats with the private sector. Information about systems' vulnerabilities--or direct attempts to disrupt them or steal information--could be provided to those with security clearances specially charged with receiving this information.

The private sector could then, in turn, share information about cyber threats with the federal government on an anonymous and voluntary basis, and with other participating companies so long as the information is not used to gain an unfair competitive advantage. Private companies would receive immunity from lawsuits if they act in good faith and share their data--and also could not be prosecuted for failing to act on the information about threats they receive.

"They're just going to blow a hole through all the privacy laws on the books for cybersecurity purposes," ACLU's Michelle Richardson told The Washington Post.

Rogers pushed back against criticism that the bill contains no mandate requiring companies to act on information they receive about critical vulnerabilities. "These companies are under assault every single day, in some cases, individual companies tens of thousands of times a day. Their IT shops can barely keep up," Rogers said, adding that these threats can cost companies millions of dollars. "It's in their own best interests to cooperate."

The bill is narrower than Senate proposals, which favor more sweeping cybersecurity regulations. House Republicans have largely steered away from significant government regulations or mandates on industry, instead favoring cybersecurity incentives for private firms to boost their own security and share information.

"Our challenge to the intelligence community, to Congress at large, to the White House, has been: 'Don't dangle this bill up with all your hopes and aspirations of the final solution to cybersecurity,' " Rogers said. "That's not what this bill does. This bill is a very narrow, very important first step of providing a forum to get classified threat information to the companies who can use it best to protect a broad swath of networks across the country."

Rogers said that lawmakers on both sides, including Reps. Jim Langevin, D-R.I., Michael McCaul, R-Texas, Adam Schiff, D-Calif., and Mac Thornberry, R-Texas, support the bill. "The reason you can get all those people is because it is a very narrow, focused bill," Rogers said.

Last month, a House GOP task force, composed of representatives of nine committees with jurisdiction over cyber issues, called for industry-friendly cybersecurity incentives. "Change occurs so fast in this area that attempts to directly regulate a specific cybersecurity solution will be outdated by the time it is written," the task force concluded.

The bill already has support from industry. IBM's vice president of government relations, Christopher Padilla, said that the legislation "provides a solid framework and useful legal protections to permit the timely flow of actionable threat information in order for organizations to better protect themselves and customers."
