Passing legislation to increase the public-private exchange of data on hackers is one of the most important ways Congress can help the country thwart cyberattacks, National Security Agency Director Adm. Michael Rogers said on Monday.
A pair of threat-sharing bills passed the House by wide margins last month, but the Senate’s companion legislation appears stalled until lawmakers determine whether to reform the NSA’s surveillance authority.
Advocates of the info-sharing bills — including a bipartisan coalition of lawmakers, most major industry groups and many government officials — argue the public and private sector need to swap more data to get a better understanding of how hackers are repeatedly penetrating the country’s networks.
But privacy and civil liberties advocates oppose the legislation, arguing it would simply shuttle more private data to the NSA and possibly give companies legal protection for not securing customer data.
The White House has indicated it is open to signing a bill that makes it through both chambers. But it’s anyone’s guess when, or if, the Senate will act.
Companies maintain they want to share more data with the government about the cyber threats they face, but are concerned about exposing themselves to shareholder lawsuits and government regulatory action. The legislation is intended to shield companies from legal liability when sharing cyber threat data with the government.
Rogers called those “very legitimate concerns.”
He said he understands when companies approach him to say, “Hey, I want to partner with you, I want to share more insights, but remember I have imperatives that shape me as a private business that perhaps you, the government don’t have.”
Congress can help alleviate those worries with legislation, Rogers said.
“Anything that I think we can do to provide some level of protection for that will only enhance our ability to share information,” he added.