Cybersecurity

McCaul readies cyber bill with added liability protections

Wikimedia image: Michael Thomas McCaul, Sr. (U.S. Representative for Texas's 10th congressional district)

Rep. Michael McCaul (R-Texas)

House Homeland Security Committee Chairman Michael McCaul (R-Texas) said he hopes to send a cybersecurity information-sharing bill that includes added liability protections for companies to the House floor next month.

A legislative proposal the White House issued in January does not go far enough in offering companies legal protection when they share threat information, McCaul said March 17 in a speech at the Center for Strategic and International Studies in Washington, D.C.

"Companies are hesitant to share information about cyber threats and intrusions that take place in their networks" for fear of being sued for revealing customers' personal information, McCaul said. "As a result, the vast majority of cyberattacks go unreported, leaving others vulnerable to the same intrusions."

McCaul's work on liability protections could go beyond the forthcoming bill: He said he is working with the House Judiciary Committee to craft "a liability exemption standard that addresses these issues and will be used in other cyber information-sharing legislation in the House."

The White House's proposal would offer companies "targeted liability protection" when they share cyber threat information with the National Cybersecurity and Communications Integration Center, the Department of Homeland Security's hub for monitoring cyberspace and disseminating warnings.

McCaul said the government is not doing enough to encourage the private sector to be a full participant in the center. His bill would give companies further liability protection to encourage them to "monitor their own information systems and…use defensive measures to prevent intrusions," he added.

Under his legislation, a hacked bank, for example, would "not be held back from sharing details of the attack with either the government or other banks and businesses, as long as the sharing is done through the appropriate channels and does not compromise the private information of customers and citizens," McCaul said.

He touted DHS' involvement as a possible antidote to concerns that information-sharing legislation would expand government surveillance. Companies can trust NCCIC, he said, because it "is not a cyber regulator. It cannot prosecute you, and it is not a spy agency.

National Security Council spokesman Mark Stroh said the Obama administration would not comment on draft legislation. White House officials have tried to walk a fine line in supporting expanded information sharing while addressing the privacy concerns that have hampered similar legislation in the past.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.