Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Cyber information-sharing bill passes House intel committee
Friday - 12/2/2011, 8:36am EST
Federal News Radio
A bill to let spy agencies share intelligence on cyber threats with private companies was backed by a House of Representatives intelligence panel.
The Permanent Select Committee on Intelligence approved the legislation that would expand a pilot Pentagon program for sharing classified and sensitive threat information with defense contractors and their Internet service providers, Reuters reports. The bill was amended to expand privacy protections for data that companies give the government. That includes data that Internet providers would share about customers. That data could be used only for cyber or national security.
Some critics say this type of sharing amounts to government surveillance of private data.
"It's always a very, very difficult issue when you're talking about cybersecurity," said PSC Chairman Mike Rogers (R-Mich.), who co-sponsored the bill with Ranking Member Dutch Ruppersberger (D-Md.). "Many people confuse privacy and security issues as one in the same. They're really two different issues."
Rogers spoke to the Federal Drive with Tom Temin and Amy Morris on Friday morning about the challenges of crafting the bill.
Something for everybody
What the committee tried to do, Rogers said, is to put in place protections that would keep people's private information private while increasing the government's ability to stop malicious spyware or attack code making its way into computer networks. The bill makes it easier for companies to share hacking information with the government without the risk of being sued, provided that the company hasn't been negligent.
"It's a little bit of something for everybody, and it takes a big bite out of what is a growing and serious problem in cyber espionage and cyber attacks," Rogers said.
Companies would have to receive a security clearance from the government in order for the government share classified information with them. The information sharing would be coordinated through the director of national intelligence.
"Our intelligence services today have information that private networks and some government networks don't have," Rogers said. "But the law is very clear that NSA, if it sees malicious software heading to dot.mil or dot.gov, can absolutely do something about it."
"Where we ran into problems is when it's targeted to a dot.com," he said. "The law is not clear and no one believes they have the authority to do that." The new law seeks to allow the government to extend this protection to commercial networks.
Everything is voluntary
To those fearing that the new law would mean mandated government surveillance, Rogers said that it's all voluntary and contains nothing regulatory. The companies that want this protection would have to approach the government to request it.
"Cyber espionage is at an intolerable level" in the private sector, he said, which is why it's important to move the legislation through Congress as quickly as possible.
"Countries like China and Russia, even Iran now, are getting into the business of going in, stealing intellectual property, developing that company or business back in their home country and then competing directly against an American company," Rogers said.
As chairman of the intellegence committee, which passed the bill 17-1, Rogers is optimistic about the legislation's future. "We have meetings in the Senate next week," he said. "We feel very, very good that we're going to get a counterpart bill or at least support for this bill when it arrives in the Senate. We're negotiating with some folks in the Senate now to introduce a counterpart, which we think would be the best way to go."
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.