The chairman and ranking members of the House Intelligence Committee yesterday reintroduced legislation that would provide liability protections to American businesses to enable them to share cyber threat information with each other and with the intelligence community on a voluntary basis.
The Cyber Intelligence and Sharing Protection Act (H.R. 3523), or CISPA, passed the House last year by a vote of 248-168, although the Obama administration opposed the measure.
The bill also allows the intelligence community to pass classified cyber threat information to the private sector to help companies better protect themselves against threats to their networks. An Executive Order issued earlier this week also allows for the federal government to pass cyber threat data to select critical infrastructure but cannot provide the liability protections that industry wants to share threat data with each other and the government.
The CISPA bill was introduced by Rep. Mike Rogers (R-Mich.), the committee chair, and Rep. Dutch Ruppersberger (D-Md.), the ranking member. Ruppersberger told reporters yesterday on a conference call that they have engaged the White House on the legislation and said the administration has expressed a willingness to work with the committee on the bill.
“We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats,” Rogers said in a statement.
The bill also includes privacy and civil liberties protections, such as restrictions on the government’s use and retention of any data the private sector shares with it and reviews by the inspector general of the intelligence community of the government’s use of data voluntarily shared by industry. It also limits the information that industry can share to cyber threat information for cyber security purposes.