The new cyber sharing bill currently making its way through Congress makes changes to cyber security roles that already exist inside various agencies and would expand the ability of both government and private industry to detect and respond to cybersecurity threats. The White House has indicated that if the bill passes, it will be signed into law.
Absent from the legislation, however, is an important measure that businesses and lawmakers have been pushing for, for a number of years now: a clause that would enable cyber-information sharing between the private sector and intelligence agencies. Advocates for the bill believe it would be necessary in the prevention of a crippling cyberattack.
The new bill certainly will do nothing to outright prevent cyber attackers from doing harm, but most experts agree that it’s an excellent start and lays the foundation for the building of a much more robust security platform.
Lawmakers, intelligence officials and industry groups have heatedly argued over the country’s critical infrastructure which will remain at risk until both the public and private sectors can fully exchange information with the National Security Agency (NSA) about malicious and threatening malware and potential future cyberattacks.
Companies, however, fear that the government might disclose their security flaws which could expose them to risk in the form of shareholder lawsuits. Companies want an information sharing bill which would provide them with the necessary legal protection against this sort of problem.
The House information sharing bill and the Cyber Intelligence Sharing and Protection Act (CISPA) have been authorized, and many privacy advocates have been wary that the CISPA might give the NSA (National Security Agency) the ability to collect even more personal and confidential information on the American people.
Over a period of several months the House Homeland Security Committee has been methodically and quietly working alongside the Department of Homeland Security (DHS) officials, cybersecurity experts and industry representatives to craft a new bill to help the U.S. address its vulnerabilities to a variety of cyberattacks.
The National Cybersecurity and Critical Infrastructure Protection Act (NCCIP) and the legislation are coming together to work on these important security issues. The bill in its current state would strengthen and systematize civilian cybersecurity authorities within the Department of Homeland Security keeping consistent with their policies doctrine. This bill would help the Department of Homeland Security broaden its work with private individuals as well as to amend the Safety Act in order to establish a threshold for qualifying cyber incidents and be able to help address issues relating to cybersecurity.
If the bill passes three very important areas of cybersecurity reform will be addressed:
1. The removal of information sharing barriers
2. Requiring ongoing diagnostic monitoring
3. The establishment of civilian leadership over cybersecurity by providing statutory clarity for the Department of Homeland Security
What Would All The Changes Mean For Our Cybersecurity?
Cybersecurity threats grow greater each and every day, and it is clear that additional legislation will be required in order to fully address the nation’s cyber weaknesses.
The new House bill seeks to persuade companies to voluntarily sharing more computer information relating to cybersecurity with the government by offering the companies widened liability protection in return for their cooperation in the matter. Businesses and government agencies would be able to more effectively minimize, detect and maybe even prevent crippling hacks into their systems by sharing and analyzing greater amounts of information.
The House bill also makes it clear that private companies must make reasonable attempts to remove any personally-identifiable information before it is handed over to the government which will hopefully appease privacy concerns. There is also a stipulation which explicitly prohibits the use of information collected through the means of information sharing for any government surveillance purposes.