Congress

House passes second cyber measure

Shutterstock image: U.S. Capitol reflection in black and white.

The House overwhelmingly passed an information sharing measure April 23, the second in as many days that would create a long-sought legal indemnity framework for private companies to report to government on cyber threats and attacks, while giving government authority to share threat information with private companies.

The measure, which passed 355-63, originated in the House Homeland Security Committee. It would grant liability protection to companies that share details on cyberattacks with the Department of Homeland Security. The bill would establish the job of undersecretary for cybersecurity and infrastructure protection, to head a DHS operational component replacing the National Protection and Programs Directorate.

A privacy section would require companies sharing information and government to "reasonably limit, to the greatest extent practicable" the inclusion of personally identifiable information on individuals in shared threat indicators. An amendment added to the bill on the floor would sunset the legislation after seven years.

"This bipartisan, pro-privacy, pro-security bill has been three years and hundreds of stakeholder meetings in the making. I look forward to moving this landmark bill over to the Senate and getting it to the president’s desk as quickly as possible," said House Homeland Security Committee Chairman Michael McCaul (R-Texas).

The Obama administration has concerns about the extent of the privacy protections in the bill, and what it considers overly broad protection from liability. But the White House encouraged House passage, expecting to have another crack at making changes when the Senate considers information sharing legislation.

The House passed a competing measure that originated in the House Select Committee on Intelligence on a vote of 307-116 on April 22.

The Intel bill tasks the Office of the Director of National Intelligence with sharing cyber threat indicators with private firms, and would authorize private firms to defend their networks against attack. It also would provide statutory authority for the Cyber Threat Intelligence Integration Center, recently proposed as an addition to ODNI by the Obama administration.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.