DOJ, DHS due to deliver final cyber policies under info sharing law

DOJ, DHS due to deliver final cyber policies under info sharing law
© Getty Images

Several federal agencies face deadlines this week related to the major cybersecurity information sharing law passed as part of last year’s omnibus.

ADVERTISEMENT

The Office of the Director of National Intelligence (DNI) and the Office of Management and Budget by Thursday are expected to deliver a report to Congress on the ways in which an adversary might be able to gain access to classified information by exploiting an unclassified information system.

The report is due to the Intelligence committees of both chambers.

The Department of Justice (DOJ) and the Department of Homeland Security (DHS), meanwhile, are required under the law to report public guidelines governing how federal agencies will protect privacy and civil liberties when sharing cyber threat indicators.

The DOJ and the DHS are also expected to deliver finalized policies on how companies can best share cyber threat data with the government.

The DHS issued its interim guidance in February.

The mandates were included in the Cybersecurity Act of 2015, which encourages companies to share hacking threat information with the government, to assuage fears that the law will simply shuttle more personal data on Americans to intelligence agencies.

Congress passed the Cybersecurity Act in December, with Obama signing the bill just before the new year.

Supporters — including most lawmakers and many industry groups — said the measure was necessary to help both government and businesses better understand and combat hackers.

“We know many cyber intrusions can be prevented if we share cyber threat indicators,” said DHS Secretary Jeh Johnson in a February statement.

Several other agencies also face 180-day deadlines on Thursday, including the Office of Personnel Management and the National Institute of Standards and Technology.