The House this week will consider the Cyber Intelligence Sharing and Protection Act, which passed the House Intelligence Committee by an overwhelming bipartisan margin of 17-1 in December 2011. There has been a lot of debate about this bill in the online community. As the authors of this bill, we would like to lay out the facts about what it would and would not do, but first we would like to address why we need it.
As leaders of the House Intelligence Committee, we are briefed on some of the most sensitive threats to our national security. We are frequently asked what keeps us up at night. A catastrophic cyberattack that could contaminate our water supply, disrupt the power grid, bring the banking world to a screeching halt — or worse — tops the list. In addition, the fact that cyber thieves from nation-states like China and others are working every day to steal invaluable trade secrets from American businesses, such as pharmaceutical plans, pesticide formulas and more, incited us to act.
The Cyber Intelligence Sharing and Protection Act changes that. This narrowly tailored legislation will allow the government to share classified cyber threat intelligence with companies so they can stop advanced cyberattacks from countries like China and Russia before they happen. Participating companies would then be able to give the government real-time feedback on the cyber threats they identify on a completely voluntary basis so that other networks can be protected. Analysts will use this information to better understand the attack and to identify who launched it. Companies that act in good faith to protect their networks will receive liability protection.
There has been a lot of misinformation online regarding this bill’s impact on privacy and civil liberties. This legislation allows companies to provide the government information about the cyberattack, computer code and things of that nature, and encourages companies to strip out any personal information. The information received by the government must be used for cybersecurity or national security purposes. The bill expressly prohibits the government from requiring companies to give information in exchange for the cyber threat intelligence. And finally, the bill requires an annual report from the inspector general of the intelligence community to ensure none of the information provided to the government is mishandled or misused. Every step of this process is completely voluntary. The government cannot require companies to do or hand over anything. The bill does not allow the government to monitor private networks, read private email or censor or shut down any website.
After hearing concerns about the bill, we have proposed additional changes to the legislation in a show of good faith to work with interested parties. The new provisions include allowing the government to be sued for violating any of the privacy restrictions; ensuring the Department of Defense and the National Security Agency don’t have any new authorities under the legislation to conduct surveillance of U.S. citizens; and ensuring the Department of Homeland Security, a civilian agency, receives information about cyberattacks.
This legislation is critical for our national and economic security. We urge our colleagues to vote for this important bill when it comes to the floor of the House this week.
Rogers is chairman of the House Permanent Select Committee on Intelligence. Ruppersberger is the ranking member on the committee.