Summary

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

Status

This bill was introduced in a previous session of Congress and was passed by the House on Apr 26, 2012 but was never passed by the Senate.

Date Introduced
Nov 30, 2011

Co-Sponsors

d-26
r-86

Bill Text

A BILL

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Cyber Intelligence Sharing and Protection Act of 2011''.

SEC. 2. CYBER THREAT INTELLIGENCE AND INFORMATION SHARING.

(a) In General.--Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.) is amended by adding at the end the following new section:

``cyber threat intelligence and information sharing

``Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat Intelligence With Private Sector.--

``(1) In general.--The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence.

``(2) Sharing and use of classified intelligence.--The procedures established under paragraph (1) shall provide that classified cyber threat intelligence may only be--

``(A) shared by an element of the intelligence community with--

``(i) certified entities; or

``(ii) a person with an appropriate security clearance to receive such cyber threat intelligence;

``(B) shared consistent with the need to protect the national security of the United States; and

``(C) used by a certified entity in a manner which protects such cyber threat intelligence from unauthorized disclosure.

``(3) Security clearance approvals.--The Director of National Intelligence shall issue guidelines providing that the head...

Organizations Supporting

Dear Chairman Rogers and Ranking Member Ruppersberger: We are writing to express the Business Roundtable’s support of H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011, and to urge passage of this critical legislation. Increasingly, well-funded cyber adversaries are targeting our government as well as the U.S. business community, threatening our national and economic security. As articulated in the Business Roundtable policy statement, Mission Critical: A Public-Private Strategy for Effective Cybersecurity, threats to our cybersecurity demand advanced, collaborative public-private solutions that are supported by strong legal protections. Such solutions should avoid top-down, prescriptive approaches that do not reflect or respond effectively to a rapidly evolving threat environment and the reality of privately owned and operated information assets. Toward those ends, H.R. 3523 addresses some of the information sharing related challenges identified in the Mission Critical policy statement. The legislation represents an important first step in creating a framework for the effective sharing of cybersecurity information. For example, the legislation authorizes the Director of National Intelligence to implement effective, collaborative real-time information sharing capabilities between the public and private sectors. Business Roundtable is encouraged that this approach could lead to the integration of the full resources of the U.S. government, including defense, intelligence, homeland security, diplomatic, economic and trade assets. In addition, the legislation provides protections from disclosure of sensitive corporate information shared with the government. Finally, the legislation provides much-needed processes to expedite security clearances for both corporate facilities and staff that require access to cyber threat information. H.R. 3523 represents an essential component to a more robust and responsive cybersecurity infrastructure, and the Business Roundtable stands ready to work with you and your co-sponsors to advance this and any additional legislation that addresses key components of our policy principles. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/20111202CyberBillRoundtableEndorsement.pdf

Dear Chairman Rogers: On behalf of CTIA – The Wireless Association®, I write to thank you for your leadership in fashioning legislation to facilitate greater information sharing between the federal government and the private sector, as well as among private sector entities. Enactment of this sort of legislation will contribute significantly to the expansion of sound cybersecurity practices. CTIA’s members take significant steps today to protect the integrity of their networks and the components that contribute to the operation of those networks. They have a strong incentive to do so because their customers depend on them to provide robust, secure solutions to meet government, corporate, and individual communications needs. But we know that there are threats from groups and individuals who seek to exploit any and every vulnerability they can find for profit and political ends. As CTIA’s members seek to stay ahead of these always-evolving threats, the sharing of information between carriers, their vendors, and the federal government can help to combat these efforts. At the same time, CTIA urges you to couple information-sharing flexibility with appropriate liability protections, exemptions from FOIA, and prohibitions from using information shared for cybersecurity purposes for regulatory purposes. These safeguards will ensure that critical cyber-defense information is shielded from disclosure to parties that should not have access to it. CTIA looks forward to working with you, Ranking Member Ruppersberger, and the rest of your colleagues to see information sharing legislation move forward at the earliest possible date. Your legislation will promote the sort of public-private partnership that will be necessary to defeat those intent on gaining unauthorized access to public and private sector networks. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/CTIA112911.pdf

Dear Chairman Rogers and Ranking Member Ruppersberger: The Financial Services Roundtable supports the Cyber Intelligence Sharing and Protection Act, and applauds you for introducing this important legislation. This bill provides important updates and clarifications to the US Code that will facilitate and increase cyber intelligence information sharing within the private and public sectors. The Roundtable believes that the timely sharing of actionable threat information is critical to both private and public sector organizations in developing and deploying protective measures against malicious cyber activity. This legislation will modify current constraining rules to allow for improved information sharing, which is essential to the continued protection of the cyber ecosystem. This bill will enable existing information sharing and analysis mechanisms to gain access to important cyber threat information, which will improve the quality of the products and processes available for risk detection and prevention. Within the financial services sector, the Financial Services – Information Sharing and Analysis Center (FS-ISAC) plays a vital role in incident response coordination, information sharing and other operational activities. Through this proposed legislation, the FS-ISAC will have increased access to and a greater ability to share timely and actionable threat information with their private sector members and the government in an effort to protect networks, systems and data. We are encouraged that the bill provides a voluntary approach to information sharing, which reduces regulatory burden to American businesses. In addition, it creates opportunities for the private sector to share critical information with the government without fear of legal recourse. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/FinancialServicesRoundtable112911.pdf

December 1, 2011 The following statement was released today by the Independent Telephone & Telecommunications Alliance (ITTA), and may be attributed to Genny Morelli, President of ITTA. “ITTA applauds House Intelligence Chairman Mike Rogers and Ranking Member Dutch Ruppersberger for moving aggressively on legislation to tackle daily threats to the nation’s broadband networks. “Every second, broadband networks, upon which our national security and economic well being depend, face the risk of cyber exploitation. ITTA members spend substantial capital every day protecting their residential consumers and high capacity business and government customers from cyber threats. However, absent the ability for private network owners and the government to exchange intelligence on cyber threats, our national security and economic well-being will remain vulnerable to attack. “ITTA and its members look forward to working with Chairman Rogers and Ranking Member Ruppersberger on moving H.R. 3523 to final passage.” http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/ITTA121111.pdf

(November 30, 2011) – Ralph Hellmann, Senior Vice President of Government Relations at the Information Technology Industry Council (ITI), today released the following statement regarding House Intelligence Committee Chairman Mike Rogers’s bill on information sharing: "We strongly support Chairman Rogers’s bill to address our nation's cybersecurity concerns. This legislation enables the intelligence community to more effectively share actionable information about cyber threats with the private sector, which is an essential component of improving cybersecurity." "While the Internet is largely owned and operated by the private sector, the government often has unique intelligence on cyber threats. Ensuring that the government's intelligence information is shared in real-time with those in the private sector who can act on it is critical to improving the security of cyberspace.” “We believe this legislation is an important component of Speaker Boehner's cybersecurity strategy outlined last month under the leadership of Rep. Mac Thornberry. The high-tech industry looks forward to working with Congress on this bill and we urge the House to debate and pass this legislation as soon as possible." http://www.itic.org/news/press-releases/chairman-mike-rogers-s-information-sharing-bill-will-meet-key-needs-in-improving-cybersecurity/

The following statement can be attributed to NCTA President & CEO Michael Powell, responding to bipartisan legislation introduced today by House Intelligence Committee Chairman Mike Rogers (R, MI-8) and Ranking Member C. A. "Dutch" Ruppersberger (D, MD-2). The bill gives the federal government new authority to share classified cyber threat information with approved American companies. You can watch video of the bill's announcement here. "We applaud Chairman Rogers and Ranking Member Ruppersberger for introduction of the Cyber Intelligence Sharing and Protection Act of 2011 that will ensure better information sharing between all stakeholders involved in protecting our nation's critical cyber infrastructure. We appreciate that this legislation avoids a prescriptive regulatory regime that does not fit the constantly evolving cyber threat environment and it appropriately allows individual companies to determine how they can best participate. This legislation will protect both our national security and our customers and has the strong support of the nation's cable, telephone and wireless industries. We urge Congress to swiftly pass the Cyber Intelligence Sharing and Protection Act of 2011 into law." http://www.ncta.com/ReleaseType/MediaRelease/Statement-Regarding-Introduction-of-the-Cyber-Intelligence-Sharing-and-Protection-Act-of-2011.aspx

Organizations Opposing

Dear Chairman Rogers and Ranking Member Ruppersberger: On behalf of the American Civil Liberties Union, a non-partisan organization with over half a million members, countless additional activists and supporters, and 53 affiliates nationwide, we write in opposition to H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011. We ask that you delay markup to consider the privacy implications of the bill that would allow companies to share private data with the government. We urge you to amend the bill to include explicit collection and use limitations and rigorous oversight mechanisms. In the absence of such amendments, we will vigorously oppose this legislation as inconsistent with the long tradition of Americans’ reasonable expectations of privacy. The Cyber Intelligence Sharing and Protection Act would create a cybersecurity exception to all privacy laws and allow companies to share the private and personal data they hold on their American customers with the government for cybersecurity purposes. The bill would not limit the companies to sharing only technical, non-personal data. Instead, it would give the companies discretion to decide the type and amount of information to turn over to the government. If shared in good faith compliance with the statute, these entities would receive full liability protection and would be immune from criminal or civil liability, even after an egregious breach of privacy. Further, once an individual’s information is shared with the government, there would be no restriction on the use of that information. It could be used for any purpose whatsoever and shared with any agency. While such data might be used for cybersecurity purposes, there would be no bar on the government also using it to conduct fishing expeditions for criminal, immigration or other purposes. 
Beyond the potential for massive data collection authorization, the bill would provide no meaningful oversight of, or accountability for, the use of these new information-sharing authorities. Congressional reporting would be delegated to the Privacy and Civil Liberties Oversight Board (PCLOB). But the PCLOB has never been activated, therefore making it likely that no regular, institutionalized and substantive reporting will happen at all. Moreover, no federal agency or official has been tasked with issuing guidance to companies and government agencies as to how best protect privacy. Writing a statute to govern the sharing of cybersecurity information is a complex and challenging task. But any new programs simply must respect privacy. The White House’s May legislative draft, the Recommendations of the House Republican Cybersecurity Task Force, and the Privacy Impact Assessment of Einstein 3 all contained more explicit privacy protections than the new bill. We encourage the committee to borrow from any of these documents in improving the privacy provisions of the legislation. Any new information-sharing legislation must at a minimum do the following:

· Narrowly define the privacy laws it will contravene. The committee must carefully consider what privacy laws truly inhibit necessary information-sharing and craft narrow exceptions limited to just those critical circumstances.

· House domestic cybersecurity efforts in a civilian agency. Congress must not empower military or intelligence agencies such as the National Security Agency to collect the internet usage data of Americans. Cybersecurity efforts on American soil should be led by the private sector, and any government information collection must be coordinated by a civilian government agency.

· Require companies to remove personally identifiable information (PII) from data they share with the government. While sharing technical data can take place without implicating civil liberties, a presumption of privacy should protect PII. Sharing PII should be an exception and not the norm, even if there could be certain limited exceptions to cover legitimate emergencies or other narrowly defined situations.

· Limit government use of information shared for cybersecurity purposes. Cybersecurity information-sharing should not become a windfall of data for the federal government to use as it pleases. Any information shared with the government must have strict use limitations to ensure that this new program doesn’t become an end run around privacy laws that would otherwise offer stronger protections.

· Create an oversight and accountability structure that includes public and congressional reporting. The executive branch must provide regular, substantive and public reporting, ideally by multiple Inspectors General and/or privacy officers.

We appreciate your consideration and look forward to working with you in the coming months as cybersecurity legislation advances through the House. Please contact Legislative Counsel Michelle Richardson if you should have questions or comments about this correspondence. http://www.aclu.org/technology-and-liberty/aclu-opposition-hr-3523-cyber-intelligence-sharing-and-protection-act-2011

A bill unveiled yesterday by Reps. Mike Rogers (R-MI) and C.A. “Dutch” Ruppersberger (D-MD), the Chairman and Ranking Member of the House Intelligence Committee, would authorize Internet service providers and other companies to share customer communications and other personally identifiable information with governmental agencies. The intent of the bill is to enhance information sharing for cybersecurity purposes, a goal that CDT strongly supports. However, we have four main concerns with the specifics of the Rogers-Ruppersberger bill:

· The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;

· The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;

· It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;

· Once the information is shared with the government, it wouldn’t have to be used for cybersecurity, but could instead be used for any purpose that is not specifically prohibited.

The bill, titled the Cyber Intelligence Sharing and Protection Act, is on a fast track – the House Intelligence Committee has scheduled the bill for mark up today. http://www.cdt.org/blogs/greg-nojeim/112cyber-intelligence-bill-threatens-privacy-and-civilian-control

As concerned global citizens, we urge you to immediately drop the Cyber Intelligence Sharing and Protection Act (CISPA). Our democracy and civil liberties are under threat from the excessive and unnecessary Internet surveillance powers it grants. The Internet is a crucial tool for people around the world to exchange ideas and work collectively to build the world we all want. We urge you to show true global leadership and do all you can to protect our Internet freedom. April 5, 2012 http://www.avaaz.org/en/stop_cispa/

Avaaz 2 years ago

Congress is considering legislation that would give companies a free pass to monitor and collect communications, including huge amounts of personal data like your text messages and emails, and share that data with the government and anyone else. All a company has to do is claim its privacy violations were for "cybersecurity purposes." Tell Congress that they can’t use vaguely-defined "cybersecurity threats" as a shortcut to bypassing the law. H.R. 3523, also known as the Cyber Intelligence Sharing and Protection Act of 2011, would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a "cybersecurity" exemption to all existing laws. There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by "cybersecurity purposes." That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats. Worst of all, the stated definition of "cybersecurity" is so broad, it leaves the door open to censor any speech that a company believes would "degrade the network." The bill specifically mentions that cybersecurity can include protecting against the "theft or misappropriation of private or government information" including "intellectual property." Such sweeping language would give companies and the government new powers to monitor and censor communications for copyright infringement. It could also be a powerful weapon to use against whistleblower websites like WikiLeaks. Congress wants to use the threat of "cybersecurity" to undermine our digital rights. 
Tell your lawmakers that we won’t stand for dangerous, unsupervised information sharing in this bill or any bill like it. https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8444

As Congress draws closer to weighing in on the Cyber Intelligence Sharing and Protection Act (CISPA) later this month, it is becoming increasingly apparent that the fight for sensible internet privacy legislation is not a corporate interest. Officially backed by twenty-eight companies including Facebook, AT&T, and Microsoft, CISPA aims to fundamentally change the relationship between the private and public sector by encouraging companies to share your personal information with government agencies without penalty. With the broad support of corporations - the largest of which opposed the Stop Online Piracy Act - it would seem that there would be conclusive incentives for companies welcoming the surrendering of private user information for cyber security means. After all, as Tim McKone, AT&T's Executive Vice President of Federal Relations stated in his letter of support for CISPA: The sharing of cyber threat and attack information is an essential component of an effective cyber-defense strategy, and the legislation helps to provide greater clarity for private sector entities. We commend the bill’s sponsors for their leadership on this critical issue. While McKone paints a pleasant picture of the interaction between the public and the private sector, AT&T's testimony before the House Energy and Commerce Subcommittee on Communications and Technology shows a company confused and reluctant of government regulation. When asked by Virgin Islands delegate Donna Christensen about the role of the FCC in combating cyber crime, for instance, AT&T's Senior Vice President and Chief Security Officer Edward Amoroso did not hesitate to outline the inability of the government to have any meaningful solutions: "I don't think there's a [government] agency right now that's in a good position to come in and solve a problem that we can't solve ourselves...if there was an obvious set of things that should be done right now, I'm kind of thinking the groups that are here would be doing it. We are incented to do that." Amoroso's testimony demonstrates the complexity of dealing with cyber security while also admitting that overreaching security laws would do little to resolve the problems at hand. "The problem is," Amoroso explains, "that we don't know what it is that you should be telling us we should be doing." Additionally, it is important to note that there are already laws in place which allow law enforcement and private companies to share information through subpoenas and other legal means. (Click here for an example of Facebook's compliance with disclosure of information.) CISPA ultimately attempts to take the liability away from companies who currently have the discretion of disclosing your information and places the decision solely in the hands of the government; all at the expense of the user. CISPA would effectively take the door off the hinge of every household in America, but lacks the tools necessary to distinguish whether there is a criminal hiding in the attic. Why surrender the core of our privacy for the sake of corporate and governmental convenience?

testPAC 2 years ago

Users Supporting

No constituents supporting yet.

Users Opposing

No constituents opposing yet.
