wfedstaff | June 4, 2015 5:14 pm
A bill that assigns the Homeland Security Department key cybersecurity responsibilities and sets up a nonprofit for public-private information sharing unanimously cleared a subcommittee vote last week.
The bill — Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011 (H.R. 3674) — designates DHS as the “single focal point for protecting federal networks and systems,” as well as for private sector critical infrastructure, said bill sponsor Rep. Dan Lungren (R-Calif.), chairman of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies.
The proposal sets up a not-for-profit organization called the National Information Sharing Organization to facilitate voluntary cyber collaboration between the federal government and private entities.
Companies now might not have confidence that sharing information with the government won’t “come back and boomerang against them,” Lungren said in an interview with The Federal Drive with Tom Temin. NISO helps establish a level of trust between the private sector and the government, he added.
Lungren said the government would put up “seed money” for NISO for the first three years. After that, participants would contribute to the organization’s funding, he said.
“The idea is that we want to establish a facilitator of trust so that this exchange of information can take place in a timely place,” he said. “And if in fact it doesn’t work, it’ll fall of its own weight after three years because the government’s not going to support it. The whole idea is to have the private sector buy into it.”
The Senate is not considering a direct companion bill but does have a comprehensive bill that, like Lungren’s bill, gives DHS the central cyber authority. However, the Senate version also makes DHS a cyber regulator, something that Lungren suggested could lead to duplication. Lungren said his bill maintains the current regulatory scheme — cybersecurity will be folded into the responsibilities of agencies that already regulate a particular sector.
“We’re trying to avoid duplication. We’re trying to avoid a second layer of regulation,” he said.
Privacy advocacy nonprofit the Constitution Project has warned that the cyber bills Congress is considering must have effective oversight and include strong safeguards that limit the sharing of private information.
“We want to make sure personally identifiable information is sanitized out of that sharing unless that is absolutely necessary for the cybersecurity purpose,” said Sharon Bradford Franklin, senior counsel with the Constitution Project, in an interview last month with Federal News Radio.
An amendment to Lungren’s bill allows “private right of action” against anyone who misuses the information shared with the NISO. The bill also includes criminal penalties.
“We have tried to tie this thing up so in fact it does protect those civil liberties,” Lungren said.
Lungren expressed confidence that cyber legislation could pass this session.
“This is not a partisan issue … I would hope this would be one example of a bipartisan effort that could be concluded in a presidential election year when much is usually not able to be achieved.”