Information-sharing bill on tap in House Homeland panel

The chairman of the House Homeland Security Committee on April 13 introduced a bill to encourage the voluntary sharing of cyber-threat information between private firms and the government.

The committee will mark up the bill on April 14.

Texas Republican Michael McCaul and freshman home-state colleague John Ratcliffe's measure would give firms increased liability protections to share threat information. McCaul has argued that the lack of such provisions has hindered the public-private information-sharing regime to date.

The bill offers liability protections to firms that share information on cyber threats and their defensive responses to such threats. The bill also would allow firms to conduct "network awareness," defined broadly as scanning or monitoring information systems.

"One of the greatest cyber threats to the homeland is the weakness of our power grids, and energy and water systems," the lawmakers said in a joint statement. "A successful cyberattack on our critical infrastructure could cripple our economy."

A legislative blueprint the White House issued in January did not go far enough in offering companies legal protection when they share threat information, McCaul said last month. Like the White House proposal, the new bill’s federal hub for information sharing would be the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.

Privacy concerns have been a sticking point in previous information-sharing bills taken up by Congress. In announcing their measure, McCaul and Ratcliffe listed the ways they said it would protect privacy, including a requirement that the NCCIC thoroughly "scrub" threat data of personal information before sharing that data with other agencies or private entities.