In another effort toward cybersecurity legislation, two senators released a draft of an information sharing bill on Tuesday.
The Cybersecurity Information Sharing Act allows companies to legally share data on cyber attacks and provides them liability protections. Additionally, the bill has several measures for ensuring privacy, including the removal of personally identifiable information, privacy procedures written by the attorney general and supervision from Privacy and Civil Liberties Oversight Board.
Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.), chairman and vice chairman of the Senate Intelligence Committee, previously circulated the bill’s text in April. At the time, Reps. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, and Dutch Ruppersberger (D-Md.), the ranking member, expressed their support for the bill. The congressman released a second endorsement of the bill on Tuesday.
“We are confident that a final bill that enhances our security while protecting privacy and civil liberties can be worked out quickly in conference,” they said in a statement.
Both liability and privacy proved major sticking points for failed cyber laws over the past several years. Gridlock in congress provoked the Obama administration’s executive order on protecting critical infrastructure and the resulting Cybersecurity Framework. Like those measures, this latest bill encourages information sharing but does not require it. However, experts suggest that liability and privacy protections are the incentives needed to eliminate the private sector’s resistance to sharing data with the federal government.
“If incentives were not necessary, than we would already have some of this stuff,” Venable LLP partner Jamie Barnett said in an interview with Defense Daily earlier this year.
Barnett and many others in the cyber community have actively encouraged legislation–from providing legal protections to giving tax breaks to firm’s that invest in their own cybersecurity. Barnett believes the information sharing controversies that have stymied the growth of the cybersecurity market.
“We’re stuck right now on information sharing bills on the Hill. That’s good but it’s a far cry from what we need,” he said.
The Senate Intelligence Committee is expected to consider the legislation next week.