House Intelligence Panel Leaders Reintroduce Cybersecurity Measure

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Ranking Member C. A. “Dutch” Ruppersberger (D-Md.) Feb. 13 reintroduced cybersecurity legislation (H.R. 624) that the panel approved in the previous Congress.

Under the “Cyber Intelligence Sharing and Protection Act,” the federal government would be given new authority to share classified cybersecurity threat information with certified companies. Companies could, on a voluntary basis, share information about cyberthreats with the federal government and other companies. The bill would shield companies that acted in good faith from certain liability.

The bill also would provide privacy and civil liberties protections, according a joint Feb. 13 statement by Rogers and Ruppersberger. Among other measures, the bill includes “[n]arrow definitions that permit only the voluntary sharing by the private sector of a limited category of information--cyber threat information--and only for cybersecurity purposes” and “strict restrictions on the government's use, retention, and searching of any data voluntarily shared by the private sector,” according to the statement.

“American businesses are under siege,” House Intelligence Chairman Mike Rogers (R-Mich.) said in the statement. “We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately.”

Rogers is one of several committee chairmen in both the House and Senate who have made cybersecurity a high priority in the current Congress (12 PVLR 237, 2/11/13).

“We need to do everything we can to enable American companies to defend themselves against these devastating cyber attacks,” Ruppersberger said in the statement announcing the bill. “Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties.”

Meanwhile, President Obama Feb. 12 signed an executive order directing federal agencies to develop voluntary cybersecurity standards for critical parts of the private sector and to consider proposing new mandates where possible under existing law (see related report).

Coalition of Businesses Approves Measure

The bill is identical to H.R. 3523, which was introduced in the previous Congress, Rogers and Ruppersberger said. The House approved H.R. 3523, but it faced a veto threat and was not taken up by the Senate (11 PVLR 721, 4/30/12).

The White House favored a more comprehensive bill (S. 3414) introduced by a group of committee chairmen in the Senate, which would have established cybersecurity standards for the private sector, among other provisions. However, Republicans and Democrats clashed over the measure, and efforts to craft a compromise failed (11 PVLR 1680, 11/19/12).

In a Feb. 13 letter to Rogers and Ruppersberger, a coalition of organizations, including the U.S. Chamber of Commerce, expressed support for the reintroduced bill.

“This legislation is necessary to create a powerful sea change in the current information sharing practices between government and the business community that reflects the conditions of an increasingly digital world,” the letter said. “Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.”

In addition to providing privacy and civil liberties protections, the organizations said, the measure “provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities.”


Full text of H.R. 624, as introduced, is available at http://op.bna.com/pl.nsf/r?Open=kjon-94wm9c.

Full text of the coalition's letter is available at http://op.bna.com/pl.nsf/r?Open=kjon-94wmry.