The House Intelligence Community on Wednesday marked up and overwhelmingly approved a bipartisan bill that would give the private sector liability protections to encourage information sharing about cyber threats.
The Cyber Intelligence Sharing and Protection Act (CISPA) of 2013 (H.R. 624), passed by an 18-2 vote, and is expected to go to the full House next week. The CISPA bill passed the House last year.
In addition to the liability protections, the bill would also permit the intelligence community to share classified cyber threat data with the private sector to help companies better protect themselves against threats. The bill’s chief sponsors are Rep. Mike Rogers (R-Mich.), the committee chairman, and Rep. Dutch Ruppersberger (D-Md.), the ranking member.
Before committee approval, several amendments were added to the bill to bolster privacy and limit government uses of shared cyber threat data. One provision would strengthen privacy protections through increased oversight of the government’s use of information received from the private sector while another narrows the government’s use of shared private sector information.
Another amendment requires the government to set procedures to limit the receipt, retention and use of personally identifiable information not needed to protect against cyber threats.
And to help ensure that companies don’t have cyber battles with one another, an amendment was passed that clarifies that the bill doesn’t permit companies to hack into other companies’ networks to retrieve data that was stolen from them.
The Obama administration last year opposed CISPA. It’s unclear at the moment what the administration’s position on the legislation is this year.