As it did last year, the Obama administration yesterday threatened to veto a bipartisan bill that would provide the private sector with incentives to share cyber threat information with the government while also enabling the intelligence community to share classified cyber threat data with the private sector.
In a Statement of Administration Policy, the administration said that despite improvements in the bill to incorporate its concerns, its senior advisers would recommend that the president veto the Cyber Intelligence and Sharing Protection Act (H.R. 624).
The statement notes positive changes to the bill, which passed the House last year, that loosen restrictions on the use by the government of information shared by the private sector. However, the administration remains concerned about privacy protections, saying the “bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities.”
The bill provides incentives in the form of liability protections to companies to that share cyber threat data with the government. However, the administration’s statement said that companies need to be held accountable “and not granted immunity” if they don’t protect personal information.
The administration said it willing to work with the House Intelligence Committee to meet its concerns and craft a bill that meets the privacy protection standards it seeks without putting undue burdens or costs on the private sector.
The House is expected to take up the CISPA bill today and tomorrow.
Separately, the House yesterday voted 395-10 to approve a bill requiring federal agencies to conduct strategic planning to help guide federal research and development efforts in the area of cyber security. The Cybersecurity Enhancement Act of 2013 (H.R. 756) would also require the National Institute of Standards and Technology to coordinate across the federal government for cyber security awareness and training programs, create a university and industry task force to increase collaboration between the public and private sectors on cyber R&D, and authorize scholarships for students in the cyber security field in exchange for federal government service.