Industry's FOIA shield debated

House members on Thursday stood behind their bill to give companies an exemption from the Freedom of Information Act when sharing information about cybersecurity. However, critics say the bill is unnecessary and that the government cannot handle the information that industry would provide.

The Cyber Security Information Act, co-sponsored by Reps. Tom Davis (R-Va.) and James Moran (D-Va.), is designed to promote the sharing of cybersecurity information between the private sector and government.

The administration has asked agencies to work with industry and form information sharing and analysis centers (ISACs). The financial services sector has started its ISAC, and the telecommunications and information technology sectors are working on ISACs. But businesses consistently have raised questions about the sharing of security information, Moran said before the House Government Management, Information and Technology Subcommittee on Thursday.

"Their concerns stemmed from the lack of clarity in antitrust laws and concerns related to disclosures the government would have to make based on [FOIA]," he said.

The Davis-Moran bill is based on the Year 2000 Information and Readiness Disclosure Act. It will provide a limited FOIA exemption, protecting companies from civil litigation over shared information, and it establishes an antitrust exemption for information shared within an ISAC, Davis said.

However, David Sobel, general counsel for the Electronic Privacy Information Center, said that existing FOIA exemptions already protect information that would be shared in an ISAC. "The courts have really bent over backwards to make sure private-sector companies do feel comfortable sharing information with the government," he said.

Davis said companies perceive those protections as not enough, and they will not share information with government until they have "ironclad assurance" that it will not be released.

The bill could provide agencies with a better picture of information security threats across the country because it "creates an additional protected channel for potent, valuable information," said Joel Willemssen, director of civil agencies information systems at the General Accounting Office.

But regardless of whether the bill succeeds, the government may not be prepared to deal with the information, Willemssen said. Agencies don't have a process to ensure that they are collecting the correct information, nor is there evidence the organizations in place can analyze and share this information in a timely manner, he said.
