Lawmakers will try again to pass cybersecurity legislation. (Mark Wilson / Getty Images)
Lawmakers on Capitol Hill consistently failed over the past two years to pass cybersecurity legislation, but that won’t stop them from trying again: The latest round of proposed cyber laws emerged earlier this week from the Senate Intelligence Committee.
Committee chairwoman Sen. Dianne Feinstein (D-Calif.) and Sen. Saxby Chambliss (R-Ga.), ranking Republican, on April 30 rolled out a proposed bill that would allow companies to share cyber threat information with each other and with the federal government without fear of legal repercussions. Similar legislation passed in the House last year but failed to gain traction in the Senate.
“We have worked together for months to draft a bill that allows companies to monitor their computer networks for cyber attacks, promotes sharing of cyber threat information and provides liability protection for companies who share that information,” Feinstein and Chambliss said in a joint statement. “After reaching agreement on draft legislation, we circulated that draft bill language to relevant parties in the executive branch, private industry and the privacy community for comment. Once those comments are returned, which we hope will happen quickly, we will consider the final legislation.”
In addition to lowering legal barriers for cyber threat-sharing, the bill calls on the Director of National Intelligence, the secretary of Homeland Security Department and the attorney general to coordinate and implement threat-sharing protocols in the federal government. It also forbids the use of any information shared for purposes related to gaining competitive advantage – a drawback that has chilled progress in the past.
All participation in threat-sharing would be voluntary.
Bills that focus on only pieces of comprehensive cybersecurity measures have managed to move forward after broader legislation fell flat in recent years. The two bills passed by the House last year centered on information-sharing alone. In the past, critics of the approach have said the measures do not go far enough in protecting the networks of the government and of privately owned critical infrastructure.
Within the Defense Department and other federal agencies, cybersecurity leaders repeatedly have appealed to Congress to pass laws that bolster network security within key entities. At his March confirmation hearing, new National Security Agency director and commander of U.S. Cyber Command Adm. Michael Rogers once again emphasized the need to open up lines of cyber threat communication between members of industry and government.
“I believe to be successful, we ultimately have to provide the corporate partners that we would share information with some level of liability protection,” Rogers said.