Davis preps FOIA exemption

Rep. Tom Davis (R-Va.) is planning to reintroduce a bill as soon as next week to protect companies that share cybersecurity information with federal agencies.

The new bill is a reworking of the Cyber Security Information Act co-sponsored last year by Rep. James Moran (D-Va.). It will provide companies with a specific exemption from the Freedom of Information Act for information they share with federal organizations such as the Federal Computer Incident Response Center (FedCIRC), the coordinating center for civilian agencies on cyberattack alerts and analysis.

Davis has been working on a draft of the bill, which is one of his top technology priorities, spokesman David Marin said in January. The decision to put forward the new version comes as Sen. Robert Bennett (R-Utah) announced plans to introduce a similar bill in the Senate. Davis will talk with the senator on how to coordinate the two, Marin told Federal Computer Week today.

Vendors and agencies, including FedCIRC and the Justice Department, have been pushing for an exemption to cover security information because of the priority on securing systems that support the nation's critical infrastructure. Presidential Decision Directive 63, signed by President Clinton in May 1998, identified critical infrastructure systems as including those that run the nation's electric power grids and those that maintain telecommunications networks.

PDD-63 required federal agencies to take the lead on securing these systems, many of which are under the control of the private sector. Companies must feel comfortable telling the government about security breaches, officials have said many times in the past.

However, experts have insisted that data such as the security information targeted by these bills is already covered in exemptions recognized by courts, and they say another exemption would be nothing more than show.


  • Cybersecurity
    Boy looks under voting booth at Ventura Polling Station for California primary Ventura County, California. Joseph Sohm / Shutterstock.com

    FBI breach notice rules lauded by states, but some want more

    A recent policy change by the FBI would notify states when their local election systems are hacked, but some state officials and lawmakers want the feds to inform a broader range of stakeholders in the election ecosystem.

  • paths (cybrain/Shutterstock.com)

    Does strategic planning help organizations?

    Steve Kelman notes growing support for strategic planning efforts -- and the steps agencies take to keep those plans relevant.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.