"Unfortunately, the private sector entities that operate the critical networks that control financial markets, power plants, dams, and communications are prevented in very real ways from sharing information to warn each other of cyber threats," Feinstein said. "Barriers to such sharing include perceived financial and reputational risks; legal barriers in electronic surveillance laws; liability concerns that arise from potential lawsuits; and lack of one Federal agency in charge of cyber information sharing.
"Participation in information sharing in this bill would be voluntary for companies, but any company that does share threat information will be protected for doing so, and the information would be subject to strict privacy controls," she added.
The bill would also require the federal government to designate an agency that would serve as a hub for receiving and exchanging information about cyber threats. And, it sets up procedures for the government to share classified information about cyber threats with "certified private sector entities."
"Generally, only government contractors can receive a security clearance, but other companies, such as Internet Service Providers, need to receive classified threat information in order to protect against attacks," Feinstein said. "This bill makes them eligible to receive security clearances for that purpose. Those companies would be under the same restrictions to protect classified information as the government."
Feinstein's bill was introduced just before the Senate Homeland Security Committee was expected to introduce a bill that would let companies appeal federal government decisions on imposing new cybersecurity regulations that affect their industries.