Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Bill to establish cyber sharing nonprofit clears House subcommittee
Tuesday - 2/7/2012, 10:19am EST
The bill — Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011 (H.R. 3674) — designates DHS as the "single focal point for protecting federal networks and systems," as well as for private sector critical infrastructure, said bill sponsor Rep. Dan Lungren (R-Calif.), chairman of the Committee on Homeland Security's Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.
The proposal sets up a not-for-profit organization called the National Information Sharing Organization to facilitate voluntary cyber collaboration between the federal government and private entities.
Companies now might not have confidence that sharing information with the government won't "come back and boomerang against them," Lungren said in an interview with The Federal Drive with Tom Temin. NISO helps establish a level of trust between the private sector and the government, he added.
Lungren said the government would put up "seed money" for NISO for the first three years. After that, participants would contribute to the organization's funding, he said.
"The idea is that we want to establish a facilitator of trust so that this exchange of information can take place in a timely place," he said. "And if in fact it doesn't work, it'll fall of its own weight after three years because the government's not going to support it. The whole idea is to have the private sector buy into it."
The Senate is not considering a direct companion bill but does have a comprehensive bill that, like Lungren's bill, gives DHS the central cyber authority. However, the Senate version also makes DHS a cyber regulator, something that Lungren suggested could lead to duplication. Lungren said his bill maintains the current regulatory scheme — cybersecurity will be folded into the responsibilities of agencies that already regulator a particular sector.
"We're trying to avoid duplication. We're trying to avoid a second layer of regulation," he said.
Privacy advocacy nonprofit the Constitution Project has warned that the cyber bills Congress is considering must have effective oversight and include strong safeguards that limit the sharing of private information.
"We want to make sure personally identifiable information is sanitized out of that sharing unless that is absolutely necessary for the cybersecurity purpose," said Sharon Bradford Franklin, senior counsel with the Constitution Project, in an interview last month with Federal News Radio.
An amendment to Lungren's bill allows "private right of action" against anyone who misuses the information shared with the NISO. The bill also includes criminal penalties.
"We have tried to tie this thing up so in fact it does protect those civil liberties," Lungren said.
Lungren expressed confidence that cyber legislation could pass this session.
"This is not a partisan issue ... I would hope this would be one example of a bipartisan effort that could be concluded in a presidential election year when much is usually not able to be achieved."