House Intel unveils cyber sharing legislation

House Intel unveils cyber sharing legislation

The House Intelligence Committee on Tuesday afternoon will introduce its bill to bolster cyber threat data sharing between the government and the private sector.

“It’s taken us five years to get to this point,” said Intelligence Committee Chairman Devin Nunes (R-Calif.), during a Tuesday morning roundtable with reporters.

ADVERTISEMENT

“We’re light years ahead of where we were last session,” added ranking member Adam SchiffAdam Bennett SchiffHillicon Valley: YouTube disables 200+ accounts over Hong Kong misinformation | Lawmakers sound alarm over Chinese influence efforts | DHS cyber agency details priorities | State AGs get tough on robocalls | DOJ busts online scammers Nadler asks other House chairs to provide records that would help panel in making impeachment decision YouTube disables over 200 accounts amid protests in Hong Kong MORE (D-Calif.).

The bill, called the Protecting Cyber Networks Act, will provide legal liability protections for companies when they share cybersecurity information with civilian government agencies, such as the Department of Homeland Security or the Treasury Department.

Lawmakers, government officials and most industry groups argue that heightened sharing is necessary to bolster the nation's faltering cyber defenses. Repeated hacks of high-profile companies like Home Depot and Sony Pictures Entertainment — which is in Schiff's district — have only raised pressure on lawmakers to get something done.

The measure would not grant liability protections for companies sharing cyber data directly with the Department of Defense or National Security Agency, a critical sticking point for privacy advocates.

The bill would, however, authorize real-time sharing within the government, meaning information could come in through a civilian agency and get shuffled to the Defense Department or NSA.

“We delegate to the president to pick what agency would be the primary intake as long as it’s not DOD or NSA,” said Schiff.

The bill is the final piece of the cyber puzzle in Congress.

The Senate Intelligence Committee approved a similar measure by a 14-1 vote two weeks ago. That bill is seen as the Senate’s omnibus offering on cyber information sharing. Unlike its House counterpart, the Senate bill specifies the DHS as the preferred data portal but also allows some direct, nonelectronic data sharing with the NSA.

The House Homeland Security Committee on Friday also unveiled its own cyber information-sharing measure, which is seen as complementary to the House Intelligence panel’s efforts.

All three bills are expected to get floor votes sometime in April. Observers give the entire batch a fair chance of passing, but the result of those votes will determine how congressional leaders move forward on a final cyber bill.

Nunes said the White House is the central player in determining how those votes play out.  

“If they issue a veto threat or say anything negative about this legislation, it’s dead,” he said.

The White House threatened to veto the Intelligence panel’s 2014 effort at a cyber information-sharing bill, which was widely opposed by many Democrats and civil liberties advocates.

Both Nunes and Schiff think this most recent iteration has addressed the major privacy issues that caused White House opposition last year.

“It’s up to them,” Nunes said. “That’s just reality here. We’re not going to play political games here.”

The White House in January released its own heavily promoted cyber information-sharing proposal, which would designate the DHS as the lead portal on all public-private cyber data exchanges.

Intelligence Committee sources said their bill was heavily influenced by the White House’s offering.

Although the measure doesn’t explicitly state that the DHS should serve as the lead portal, it gives the White House discretion to make that decision.

The measure is also the first cyber bill to specifically include duties for the White House’s newly authorized cybersecurity agency, the Cyber Threat and Intelligence Integration Center (CTIIC). The CTIIC is meant to serve as a hub to analyze cyber data collected by various government agencies.

“We’ve teed it up for the White House,” Nunes said.

Intelligence Committee sources said they had briefed administration officials on the bill yesterday. Their initial reception seemed mostly favorable, they said.

If the White House offers "a full-throttle endorsement and support," Nunes said, “there’s a good chance we can get this across the finish line."