Davis revives cyberthreat bill

Rep. Tom Davis (R-Va.) reintroduced July 10 a bill aimed at encouraging the private sector to share cybersecurity incidents with federal agencies so the government has a better picture of threats to national security.

Davis and co-sponsor Rep. Jim Moran (D-Va.) first introduced the bill last year after the formation of several private-sector information sharing and analysis centers (ISACs).

President Clinton created the centers—designed to share security incidents within a market sector—as part of Presidential Decision Directive 63 in May 1998. PDD 63 requires that the federal government secure the systems that support the nation's critical infrastructure, such as telecommunications and electricity.

The banking and information technology sectors are among those that have already formed ISACs. But although they are sharing information among themselves, private-sector leaders have said they will not pass information on to government incident response organizations. This refusal stems from fears that information held by federal agencies may be exposed through the Freedom of Information Act.

Other sectors have not yet created ISACs because of concerns that sharing information in would violate federal antitrust laws and that it might increase their liability, officials have said.

There already are several exemptions to FOIA, and Davis and Moran's bill would simply create another, limiting information-sharing to national security-related information, said David Marin, Davis' communications director.

Legal and policy experts testified before the House Government Reform Committee last year that the cyberincident information would already be covered by existing FOIA exemptions. But other experts, including Richard Clarke, national coordinator for security, infrastructure protection and counterterrorism at the National Security Council, have said that a new exemption may be necessary to give companies the comfort level needed.

"The fact remains that the companies are not sharing their information with agencies," Marin said.

Featured

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

  • Cybersecurity
    enterprise security (Omelchenko/Shutterstock.com)

    Does Einstein need a post-SolarWinds makeover?

    A marquee program designed to protect the government against cybersecurity threats is facing new scrutiny in the wake of Solar Winds Orion breach, but analysts say the program was unlikely to have ever stopped the hacking campaign.

Stay Connected