Key intel bills added to omnibus legislation
The omnibus spending bill filed in the House of Representatives December 16 includes the Cybersecurity Act of 2015 and the FY16 Intelligence Authorization Act. Versions of both bills have passed the House of Representatives with large, bipartisan majorities.
The Cybersecurity Act of 2015 is similar to the Protecting Cyber Networks Act (H.R. 1560), which passed the House on April 22 by a vote of 307-116. It also resembles the National Cybersecurity Protection Advancement Act of 2015, which passed the House by a vote of 355-63, and the Cybersecurity Information Sharing Act of 2015, which passed the Senate by a vote of 74-21.
The Cybersecurity Act of 2015 includes measures agreed upon in negotiations between the House Permanent Select Committee on Intelligence, the House Committee on Homeland Security, the House Judiciary Committee, the Senate Select Committee on Intelligence, and the Senate Committee on Homeland Security and Governmental Affairs. Designed to allow for greater information-sharing on cyber threats among private-sector companies and between the private sector and the government, the Act:
- Establishes the Department of Homeland Security (DHS) as the portal for cyber threat information sharing with the government, while giving the President the authority to designate an additional, civilian portal if the DHS portal fails to be fully and securely operational.
- Provides positive authority to share cyber threat indicators and defensive measures.
- Provides for strong and clear liability protections.
- Ensures that companies remove any extraneous personal information prior to sharing cyber threat data. DHS must then perform a second scrubbing of personal information, further disseminating that information in accordance with privacy and civil liberties guidelines drafted jointly by the Attorney General and DHS.
- Further safeguards privacy and civil liberties, and provides for strong oversight, by requiring detailed reports by Inspectors General and the Government Accountability Office.
As included in the omnibus bill, the Intelligence Authorization Act is nearly identical to the Intelligence Authorization Act for Fiscal Year 2016 (H.R. 4127), which passed the House on December 1 by a vote of 364-58. Authorizing funding for the Intelligence Community for the next fiscal year, the Act:
- Sustains and enhances critical capabilities to fight terrorism and counter the proliferation of weapons of mass destruction.
- Funds efforts to recover from unauthorized disclosures of intelligence capabilities.
- Sustains activities in Syria, Iraq, and Afghanistan to continue the fight against ISIS, al Qaeda, and the Taliban.
House Permanent Select Committee on Intelligence Chairman Devin Nunes said, “These bills are vital for protecting America’s digital networks and for implementing the necessary funding, authorizations, and oversight for the Intelligence Community. At a time when the United States faces pressing national security risks, Congress has delivered strong, bipartisan majorities for strengthening our defenses and for giving our Intelligence Community the tools it needs to identify, disrupt, and defeat threats to the homeland and our infrastructure. I’d like to thank Appropriations Committee Chairman Harold Rogers and Ranking Member Nita Lowey for including these crucial bills in the omnibus legislation, and I look forward to their quick passage into law.”
Ranking Member Adam Schiff said, “It is difficult to overstate the threat posed by bad cyber actors to our security, our privacy and our economy. After several years of effort, Congress has now produced a bipartisan cyber bill that allows the private sector and government to share information about malicious intrusions to protect Americans from further harm. The bill contains the strongest privacy protections to date, requiring personal information to be stripped out before malicious code is shared with DHS, and providing narrow liability protections to protect businesses that voluntarily participate in the program. It is the most significant effort by Congress to address the cyber threat to date, and should now become law.”