Cybersecurity

McCaul readies cyber bill with added liability protections

Wikimedia image: Michael Thomas McCaul, Sr. (U.S. Representative for Texas's 10th congressional district)

Rep. Michael McCaul (R-Texas)

House Homeland Security Committee Chairman Michael McCaul (R-Texas) said he hopes to send a cybersecurity information-sharing bill that includes added liability protections for companies to the House floor next month.

A legislative proposal the White House issued in January does not go far enough in offering companies legal protection when they share threat information, McCaul said March 17 in a speech at the Center for Strategic and International Studies in Washington, D.C.

"Companies are hesitant to share information about cyber threats and intrusions that take place in their networks" for fear of being sued for revealing customers' personal information, McCaul said. "As a result, the vast majority of cyberattacks go unreported, leaving others vulnerable to the same intrusions."

McCaul's work on liability protections could go beyond the forthcoming bill: He said he is working with the House Judiciary Committee to craft "a liability exemption standard that addresses these issues and will be used in other cyber information-sharing legislation in the House."

The White House's proposal would offer companies "targeted liability protection" when they share cyber threat information with the National Cybersecurity and Communications Integration Center, the Department of Homeland Security's hub for monitoring cyberspace and disseminating warnings.

McCaul said the government is not doing enough to encourage the private sector to be a full participant in the center. His bill would give companies further liability protection to encourage them to "monitor their own information systems and…use defensive measures to prevent intrusions," he added.

Under his legislation, a hacked bank, for example, would "not be held back from sharing details of the attack with either the government or other banks and businesses, as long as the sharing is done through the appropriate channels and does not compromise the private information of customers and citizens," McCaul said.

He touted DHS' involvement as a possible antidote to concerns that information-sharing legislation would expand government surveillance. Companies can trust NCCIC, he said, because it "is not a cyber regulator. It cannot prosecute you, and it is not a spy agency.

National Security Council spokesman Mark Stroh said the Obama administration would not comment on draft legislation. White House officials have tried to walk a fine line in supporting expanded information sharing while addressing the privacy concerns that have hampered similar legislation in the past.

About the Author

Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.

Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.

Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.


Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.