Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Cyber information-sharing bill passes House intel committee
Friday - 12/2/2011, 8:36am EST
Federal News Radio
A bill to let spy agencies share intelligence on cyber threats with private companies was backed by a House of Representatives intelligence panel.
The Permanent Select Committee on Intelligence approved the legislation that would expand a pilot Pentagon program for sharing classified and sensitive threat information with defense contractors and their Internet service providers, Reuters reports. The bill was amended to expand privacy protections for data that companies give the government. That includes data that Internet providers would share about customers. That data could be used only for cyber or national security.
Some critics say this type of sharing amounts to government surveillance of private data.
"It's always a very, very difficult issue when you're talking about cybersecurity," said PSC Chairman Mike Rogers (R-Mich.), who co-sponsored the bill with Ranking Member Dutch Ruppersberger (D-Md.). "Many people confuse privacy and security issues as one in the same. They're really two different issues."
Rogers spoke to the Federal Drive with Tom Temin and Amy Morris on Friday morning about the challenges of crafting the bill.
Something for everybody
What the committee tried to do, Rogers said, is to put in place protections that would keep people's private information private while increasing the government's ability to stop malicious spyware or attack code making its way into computer networks. The bill makes it easier for companies to share hacking information with the government without the risk of being sued, provided that the company hasn't been negligent.
"It's a little bit of something for everybody, and it takes a big bite out of what is a growing and serious problem in cyber espionage and cyber attacks," Rogers said.
Companies would have to receive a security clearance from the government in order for the government share classified information with them. The information sharing would be coordinated through the director of national intelligence.
"Our intelligence services today have information that private networks and some government networks don't have," Rogers said. "But the law is very clear that NSA, if it sees malicious software heading to dot.mil or dot.gov, can absolutely do something about it."
"Where we ran into problems is when it's targeted to a dot.com," he said. "The law is not clear and no one believes they have the authority to do that." The new law seeks to allow the government to extend this protection to commercial networks.
Everything is voluntary
To those fearing that the new law would mean mandated government surveillance, Rogers said that it's all voluntary and contains nothing regulatory. The companies that want this protection would have to approach the government to request it.
"Cyber espionage is at an intolerable level" in the private sector, he said, which is why it's important to move the legislation through Congress as quickly as possible.
"Countries like China and Russia, even Iran now, are getting into the business of going in, stealing intellectual property, developing that company or business back in their home country and then competing directly against an American company," Rogers said.
As chairman of the intellegence committee, which passed the bill 17-1, Rogers is optimistic about the legislation's future. "We have meetings in the Senate next week," he said. "We feel very, very good that we're going to get a counterpart bill or at least support for this bill when it arrives in the Senate. We're negotiating with some folks in the Senate now to introduce a counterpart, which we think would be the best way to go."
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.