From CHIME’s weekly Washington Debrief Newsletter:
Key Takeaway: With impressive bipartisan support, two legislative proposal to encourage cyber threat information sharing were passed by the House of Representatives last week.
Why it Matters: The ability to easily, safely and confidently share cyber threat indicators with government and private sector entities was a cornerstone of cyber security proposals from both the Obama administration and Congressional leaders. This week, the House easily passed legislation offering liability protections for organizations that share cyber threat information with government entities and other recognized organizations, such as the Information Sharing and Analysis Centers (ISACs), for the good of the American public.
Though there are may similarities between the bills, the proposals diverge over where the portal for information sharing would be located. Both bills would mandate the removal of personal information by entities before it’s shared, with HR 1560 requiring an additional scrub by the government. Both pieces of legislation will sunset after seven years.
The Protecting Cyber Networks Act (HR 1560) was passed by the House last week but a vote of 307-116, after being approved by the Intelligence Committee on March 26. The legislation would enable the president would to decide which agency is responsible, so long as it isn’t with the Defense Department or National Security Agency. This bill would grant liability protections when companies are giving data to any civilian agency, such as the Treasury or Commerce Departments.
The National Cybersecurity Protection Advancement Act of 2015 (HR 1731) passed the House by a vote of 355-63 last Thursday. This legislation which came out of the House Committee on Homeland Security under the leadership of Chairman Michael McCaul (R-TX-10) on April 14. The bill designates the Department of Homeland Security (DHS) to host the portal. This legislation only gives companies liability protections when sharing data with the DHS, this proposal is viewed to be stronger on privacy. Now that both proposal have been passed by the House, the leadership has indicated that HR 1731 will become a provision of HR 1560.
In a similar fashion, the Senate plans to consider the Cybersecurity Information Sharing Act (CISA) of 2015 (S. 754), perhaps as early as the first week of May. In March, the Select Committee on Intelligence reported CISA out of the Committee for consideration by the full Senate, by a strong bipartisan vote of 14 to 1. The legislation is designed to encourage the sharing of data between private companies and the government to prevent and respond to cybersecurity threats.
All three legislative proposal are sector agnostic, without any special consideration or deference to the healthcare sector. However, the Senate Committee on Health, Education, Labor and Pensions continues to evaluate cyber security challenges in healthcare settings.