On March 24, 2015, members of the House Permanent Select Committee on Intelligence, including Connecticut Congressman Jim Himes, the Ranking Member of the Cybersecurity Subcommittee, issued statements commenting on the introduction of the Protecting Cyber Networks Act. For the text of the Protecting Cyber Networks Act, click here.
In his comments yesterday, Congressman Jim Himes noted that his committee worked in a bi-partisan fashion to craft this much-needed legislation on cybersecurity-related information sharing. Congressman Himes described the Act as a “critical next step in securing our networks, preserving our privacy and safeguarding against the kinds of cyber-attacks we’ve seen against Anthem, Target and Home Depot.”
According to its drafters, the Act would enable private companies to share cyber threat indicators on a voluntary basis with one another and with the federal government, so long as the information does not go through the NSA or DOD. This voluntary information sharing among companies is designed to help businesses defend themselves against cyber-attacks, while voluntary two-way information sharing with the federal government will help officials expedite the release and circulation of more accurate information on cyber threats.
With information sharing comes a risk to privacy and civil liberties. Therefore, the Act seeks to protect privacy by, among other things, requiring private entities to remove personally identifiable information from the data before sharing cyber threat indicators and by prohibiting the government from forcing private sector entities to provide information This proposed legislation does not allow for sharing information for non-cyber threat purposes.
It remains to be seen how this Act will fare in Congress among the flurry of recently proposed cybersecurity legislation; however, this one could have legs.