Cyber information-sharing bill moves forward

The Senate Intelligence Committee approved a bill that would protect firms from legal liability for sharing cyber threats with the government.

The measure was approved12-3 on July 8.

Sen. Saxby Chambliss (R-Ga.), vice chairman of the Intelligence Committee and co-author of the bill with Chairwoman Sen. Dianne Feinstein (D-Calif.), released a statement urging the Senate to take up the legislation before the August recess. The Georgia Republican is retiring at the end of the year, lending urgency to his efforts to get a cybersecurity bill through Congress. A similar bill stalled in the Senate last year.

Two of the dissenters, Oregon Democrat Ron Wyden and Colorado Democrat Mark Udall, said they agreed with the need for information sharing between government and the private sector, but not in the manner laid out by the bill.

"The only way to make cybersecurity information sharing effective and acceptable is to ensure that there are strong protections for Americans' constitutional privacy rights," Wyden and Udall said in a statement. "Without these protections in place, private companies will rightly see participation as bad for business." The bill, they predicted, would not "materially improve cybersecurity."

The Senate bill would set up a "portal" in the Department of Homeland Security where private firms can confidentially share threat information without legal liability. Chambliss said at a recent cybersecurity conference that his faith in DHS as a competent organization has grown markedly under the leadership of Secretary Jeh Johnson.

DHS has welcomed any such augmented role in information sharing. "As far as DHS's role in information sharing, I think we can provide a service to other government partners. I would love to free up … the FBI to do more law enforcement and domestic intelligence," DHS’s Larry Zelvin said last month. He heads the department’s National Cyber and Communications Integration Center.