Cyber Threat Information Sharing Bill Advances

A long-awaited bill to enhance cybersecurity information sharing has taken a major step forward.

The House Permanent Select Committee on Intelligence on Thursday passed the Cybersecurity Information Sharing Act by voice vote. The bill, HR 1560, would allow private companies to share cyber threat information. Current privacy laws prohibit companies from sharing some information because it may contain private information of customers; this bill would require the companies to strip out privately sensitive and identifiable information before sharing threat information with others.

The bill has the strong support of the financial services community and has been a major priority of the Financial Services Roundtable.

"A critical and urgent need exists for Congress to remove legal impediments that prevent the public and private sectors from working even more effectively as a team to protect American consumers and our nation's critical infrastructure from cyberattacks," said Tim Pawlenty, who heads the group, said in a press release.

The legislation also allows the Director of National Intelligence, in coordination with other federal officials, to "in a timely manner" share classified cyber threat indicators to non-governmental cybersecurity workers with security clearances and non-classified information that can help companies build protections against hacks and other cyber attacks.

The bill also would set parameters for business to government information sharing, always a sensitive topic but particularly so after Edward Snowden's leaks regarding the scope of the government's digital spying efforts. Language in the bill prohibits information-sharing with the National Security Agency and Department of Defense. The legislative language also limits what can be shared to information pertaining specifically to cybersecurity threats, though it falls to the president and director of national intelligence to set specific policy on how to achieve this information sharing.

Should the bill become law, it would also establish a "cyber threat intelligence integration center" in the Office of the Director of National Intelligence to coordinate intelligence sharing and domestic protection against cyber threats.

"This bill will help defend U.S. networks against a wide array of cybercriminals who are becoming more active and more threatening every day," House Intelligence Committee Chairman Devin Nunes, R-Calif., said in a press release. "It's a bipartisan approach with strong privacy protections that will have a deep impact on this growing problem. In light of the urgency of the situation, I encourage House members to support this bill."

For reprint and licensing requests for this article, click here.
Law and regulation Data security Bank technology
MORE FROM AMERICAN BANKER