Senate Intelligence Committee introduces cybersecurity bill
The Cybersecurity Information Sharing Act (S.754), approved on March 12 by the Senate Intelligence Committee on a 14-1 vote and introduced on March 17, creates additional incentives to increase sharing of cybersecurity threat information while protecting individual privacy and civil liberties interests and offering liability protection to the private sector.
The bill includes a number of significant modifications from previous versions. These changes address a range of concerns, notably those raised by privacy advocates. In an effort to ensure this year’s bill enjoys strong bipartisan support, committee Chairman Richard Burr (R-NC), Vice Chairman Dianne Feinstein (D-CA), and ex officio member Senator John McCain reviewed a long list of potential revisions from last year’s bill and adopted many of them.
“I’m proud of the Committee’s work and the quality of this bill,” said Burr. “This legislation protects the privacy rights of Americans while also minimizing our vulnerability to cyber-attacks. Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes. This legislation provides important liability protection for entities that share cyber threat information as provided in the bill. It further requires that both private and government entities remove personal information prior to sharing. These are protocols which will help minimize the threat to the United States and also ensure that our citizens are less likely to experience the same scale of attacks as we’ve seen in the Sony and Anthem attacks.”
“One lesson we learned from previous information sharing bills is that we need strong privacy provisions,” Feinstein said. “There has been misinformation about this bill, so let me be clear: The goal of the bill is for companies and the government to voluntarily share information about cybersecurity threats—NOT personal information—in order to better defend against attacks. This bill includes more than a dozen significant changes from last year’s version. The privacy provisions are substantial and I believe address many of the concerns that had been raised in regard to earlier drafts of the bill.”
Text of S.754 can be found here.