03.11.15

Senate Intel Committee to Consider Cybersecurity Bill Tomorrow

Bipartisan legislation to ensure cybersecurity information sharing includes numerous privacy protections for Americans

WASHINGTON – The Senate Select Committee on Intelligence (SSCI) will hold a closed business meeting to mark up the bill, “Cybersecurity Information Sharing Act of 2015,” on Thursday, March 12th at 2:30 p.m.  This original legislation, which is co-sponsored by SSCI Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA), creates additional incentives to increase sharing of cybersecurity threat information while protecting individual privacy and civil liberties interests and offering liability protection to the private sector.

“Recent cyberattacks against Sony, Anthem, and others have shown that our cyber adversaries consider nothing off limits,” said Burr.  “This bill is the result of extensive effort across multiple Congresses, including last year’s legislative push that nearly crossed the finish line.  Earlier this year, the Vice Chair and I revisited last year’s legislation, hoping to examine ways to improve that already good product, and to incorporate additional input from the business sector, privacy and civil liberties advocates, and the Administration.  This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans’ personal information.”

“I’m pleased that Chairman Burr and I were able to reach an agreement on a cybersecurity information-sharing bill that will increase cybersecurity in the private sector and government while protecting privacy interests,” said Feinstein. “This legislation, which we will mark up tomorrow, represents compromises on both sides following feedback from the executive branch, private sector and privacy advocates. This bill is an important step toward increasing our national and economic security, and I hope that after the committee votes on the bill, Senate leaders will quickly bring it before the full Senate for debate.”

Key bill provisions of the Cyber Information Sharing Act of 2015 include:

  *   Provides for increased, and purely voluntary, cybersecurity information sharing for companies to share with each other and the federal government.
  *   Includes numerous privacy protections to prevent over-sharing or government misuse of shared information.
  *   Requires the Director of National Intelligence, Secretary of Homeland Security, Secretary of Defense, and the Attorney General to develop procedures for increasing the sharing of classified and unclassified cyber threat information to the private sector, consistent with the protection of sources and methods.

Privacy protections include:

  *   Does not require any private sector entity to share cyber threat information. Sharing is strictly voluntary.
  *   Narrowly defines the term “cyber threat indicator” to limit the amount of information that may be shared under the Act.
  *   Restricts government use of voluntarily shared information to cybersecurity and serious crimes.
  *   Requires the removal of personal information prior to the sharing of cyber threat indicators.

As in the 113th Congress, this markup will be closed. The bill language will be available after amendments are incorporated post mark up.