The Senate Intelligence Committee on March 12 marked up the Cybersecurity Information Sharing Act of 2015, which is aimed at increasing the sharing of cyber threat data between the federal government and the private sector.
The bill, which was approved 14-1 in the closed committee markup, wasn’t available at our press time March 12.
Sen. Richard Burr (R-N.C.), chairman of the committee, announced the markup on the evening of March 11. Burr and Sen. Dianne Feinstein (D-Calif.), vice chairman of the panel, co-sponsored the Cybersecurity Information Sharing Act of 2015.
An earlier version of the CISA bill was approved by the committee in July.
“This bill is the result of extensive effort across multiple Congresses, including last year’s legislative push that nearly crossed the finish line,” Burr said in a statement on March 11. “Earlier this year, the vice chair and I revisited last year’s legislation, hoping to examine ways to improve that already good product, and to incorporate additional input from the business sector, privacy and civil liberties advocates, and the administration.”
The committee said the bill contains incentives to increase the sharing of cyber security threat information, which would be voluntary for companies to share with each other and the government.
The bill also requires the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General to develop procedures for increasing the sharing of classified and unclassified cyber threat information with the private sector, a committee press release says.
To achieve privacy protections, the committee also says that the term cyber threat indicator is narrowly defined to limit the amount of information that may be shared under the act and requires the removal of personal information prior to the sharing of cyber threat indicators. It also restricts the government use of voluntarily shared information to cyber security and serious crimes.