Summary

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes. Read More

Status

This bill was introduced in a previous session of Congress and was passed by the House on Apr 26, 2012 but was never passed by the Senate.

Date Introduced
Nov 30, 2011

Co-Sponsors

d-26
r-86

Bill Text

A BILL

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Cyber Intelligence Sharing and Protection Act of 2011''.

SEC. 2. CYBER THREAT INTELLIGENCE AND INFORMATION SHARING.

(a) In General.--Title XI of the National Security Act of 1947 (50 U.S.C. 442 et seq.) is amended by adding at the end the following new section:

``cyber threat intelligence and information sharing

``Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat Intelligence With Private Sector.-- ``(1) In general.--The Director of National Intelligence shall establish procedures to allow elements of the intelligence community to share cyber threat intelligence with private-sector entities and to encourage the sharing of such intelligence. ``(2) Sharing and use of classified intelligence.--The procedures established under paragraph (1) shall provide that classified cyber threat intelligence may only be-- ``(A) shared by an element of the intelligence community with-- ``(i) certified entities; or ``(ii) a person with an appropriate security clearance to receive such cyber threat intelligence; ``(B) shared consistent with the need to protect the national security of the United States; and ``(C) used by a certified entity in a manner which protects such cyber threat intelligence from unauthorized disclosure. ``(3) Security clearance approvals.--The Director of National Intelligence shall issue guidelines providing that the head...

Read Full Text

Sentiment Map

Select:

Nation

0 Supporting
0 Opposing
0% 0%

State: CA

0 Supporting
0 Opposing
0% 0%

District: 1st

0 Supporting
0 Opposing
0% 0%

Popularity Trend

Organizations Supporting

Dear Representative Rogers: The U.S. Chamber of Commerce, the world’s largest business federation representing the interests of more than three million businesses and organizations of every size, sector, and region, supports the “Cyber Intelligence Sharing and Protection Act of 2011,” which would be an important step in assisting the nation’s public and private sectors to prevent, deter, and mitigate the array of cyber threats from illicit actors without imposing burdensome regulations on industry. Chamber members devote substantial resources toward protecting sensitive consumer and business information and critical infrastructure. This bill would address the needs of companies to receive timely and actionable information from government partners to protect their computer networks and those of their customers. It would knock down policy and legal barriers that have limited the healthy sharing of cyber threat information between and among elements of the public and private sectors. It would also allow “certified” businesses, their employees, and other information-sharing organizations to anonymize or restrict the information they provide to others, including government agencies and departments. In addition, this legislation would ensure that threat information voluntarily shared with the government would be exempt from public disclosure and would be prohibited from use by officials in regulatory matters. The bill would also provide liability protection for companies that protect their own networks in good faith or disclose cyber threat information with other eligible entities. Moreover, the Chamber expects that the information-sharing efforts envisioned in this bill would serve to supplement, rather than replace, the public-private partnerships fostered under the National Infrastructure Protection Plan framework, which continue to mature. This bill includes the several policy recommendations the Chamber has proposed for improving cybersecurity and information-sharing processes. The recent defense industrial base pilot project is a key model for demonstrating how government cyber threat intelligence can be shared with the private sector in an operationally usable manner. Making cyber threat intelligence more readily useful and available is fundamental to any long-term endeavor to defend our country and make our communities more resilient. The Chamber commends your leadership on this important issue, and looks forward to working with you to advance this important issue. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/USChamberofCommerce112911.pdf

Dear Chairman Rogers and Ranking Member Ruppersberger: On behalf of TechAmerica’s more than 1,000 member companies, I’m writing in support of the introduction of the “Cyber Intelligence Sharing and Protection Act of 2011.” TechAmerica has long supported passage of legislation that eliminates the challenges to information sharing without creating an undue burden on both the intelligence community and the private sector. We commend your efforts to enhance information sharing mechanisms between the government and the private sector in order to address today’s escalating cyber threats. Protecting cyberspace is a shared responsibility as cyber threats are not isolated to the private or public sector. Therefore, improving and extending information sharing between private industry and the government is necessary to better protect our nation’s digital infrastructure and respond to the latest, evolving cyber threats. The framework proposed in the “Cyber Intelligence Sharing and Protection Act of 2011” will move industry and government in the right direction on sharing timely and actionable information to protect ourselves from cyber attacks. Specifically, the inclusion of liability protections for the sharing and use of shared information is a critical component that we deem necessary in order to facilitate information sharing. Furthermore, we support the voluntary participation approach that is taken by your legislation. As this legislation comes before the House Intelligence Committee, we request that you consider implementing the following concepts into the final version of the “Cyber Intelligence Sharing and Protection Act of 2011” : ? Ensure that all industry participants have input into the Department of National Intelligence implementation plan outlined in Section 2; ? Provide additional clarity on how security clearances are handled, information is shared and handled, and how data retention is impacted in the classified and unclassified environments; ? Bolster the ability for government and industry representatives with appropriate clearances to jointly review and analyze incidents and intelligence and to jointly prepare credible, actionable, sanitized products that can be shared and used more broadly; and ? Determine and collaborate on developing guidelines for how, when and with whom information can be shared both externally and within a government agency or a private entity and the legal protections associated with those guidelines. Again, we applaud the effort that has been put forward by you and your staff in support of this long-time, critical goal by the private sector to enhance information sharing efforts with the U.S. government on cyber threats. TechAmerica appreciates the attention and skillful work that you have invested to address this important issue. Thank you for your consideration of our views. We look forward to working with you and your staff on this important proposal as it moves forward in Congress. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/TechAmerica113011.pdf

TechAmerica 3 years ago

The following statement can be attributed to NCTA President & CEO Michael Powell, responding to bipartisan legislation introduced today by House Intelligence Committee Chairman Mike Rogers (R, MI-8) and Ranking Member C. A. "Dutch" Ruppersberger (D, MD-2). The bill gives the federal government new authority to share classified cyber threat information with approved American companies. You can watch video of the bill's announcement here. "We applaud Chairman Rogers and Ranking Member Ruppersberger for introduction of the Cyber Intelligence Sharing and Protection Act of 2011 that will ensure better information sharing between all stakeholders involved in protecting our nation's critical cyber infrastructure. We appreciate that this legislation avoids a prescriptive regulatory regime that does not fit the constantly evolving cyber threat environment and it appropriately allows individual companies to determine how they can best participate. This legislation will protect both our national security and our customers and has the strong support of the nation's cable, telephone and wireless industries. We urge Congress to swiftly pass the Cyber Intelligence Sharing and Protection Act of 2011 into law." http://www.ncta.com/ReleaseType/MediaRelease/Statement-Regarding-Introduction-of-the-Cyber-Intelligence-Sharing-and-Protection-Act-of-2011.aspx

(November 30, 2011) – Ralph Hellmann, Senior Vice President of Government Relations at the Information Technology Industry Council (ITI), today released the following statement regarding House Intelligence Committee Chairman Mike Rogers’s bill on information sharing: "We strongly support Chairman Rogers’s bill to address our nation's cybersecurity concerns. This legislation enables the intelligence community to more effectively share actionable information about cyber threats with the private sector, which is an essential component of improving cybersecurity." "While the Internet is largely owned and operated by the private sector, the government often has unique intelligence on cyber threats. Ensuring that the government's intelligence information is shared in real-time with those in the private sector who can act on it is critical to improving the security of cyberspace.” “We believe this legislation is an important component of Speaker Boehner's cybersecurity strategy outlined last month under the leadership of Rep. Mac Thornberry. The high-tech industry looks forward to working with Congress on this bill and we urge the House to debate and pass this legislation as soon as possible." http://www.itic.org/news/press-releases/chairman-mike-rogers-s-information-sharing-bill-will-meet-key-needs-in-improving-cybersecurity/

December 1, 2011 The following statement was released today by the Independent Telephone & Telecommunications Alliance (ITTA), and may be attributed to Genny Morelli, President of ITTA. “ITTA applauds House Intelligence Chairman Mike Rogers and Ranking Member Dutch Ruppersberger for moving aggressively on legislation to tackle daily threats to the nation’s broadband networks. “Every second, broadband networks, upon which our national security and economic well being depend, face the risk of cyber exploitation. ITTA members spend substantial capital every day protecting their residential consumers and high capacity business and government customers from cyber threats. However, absent the ability for private network owners and the government to exchange intelligence on cyber threats, our national security and economic well-being will remain vulnerable to attack. “ITTA and its members look forward to working with Chairman Rogers and Ranking Member Ruppersberger on moving H.R. 3523 to final passage.” http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/ITTA121111.pdf

Dear Chairman Rogers and Ranking Member Ruppersberger: The Financial Services Roundtable supports the Cyber Intelligence Sharing and Protection Act, and applauds you for introducing this important legislation. This bill provides important updates and clarifications to the US Code that will facilitate and increase cyber intelligence information sharing within the private and public sectors. The Roundtable believes that the timely sharing of actionable threat information is critical to both private and public sector organizations in developing and deploying protective measures against malicious cyber activity. This legislation will modify current constraining rules to allow for improved information sharing, which is essential to the continued protection of the cyber ecosystem. This bill will enable existing information sharing and analysis mechanisms to gain access to important cyber threat information, which will improve the quality of the products and processes available for risk detection and prevention. Within the financial services sector, the Financial Services – Information Sharing and Analysis Center (FS-ISAC) plays a vital role in incident response coordination, information sharing and other operational activities. Through this proposed legislation, the FS-ISAC will have increased access to and a greater ability to share timely and actionable threat information with their private sector members and the government in an effort to protect networks, systems and data. We are encouraged that the bill provides a voluntary approach to information sharing, which reduces regulatory burden to American businesses. In addition, it creates opportunities for the private sector to share critical information with the government without fear of legal recourse. http://intelligence.house.gov/sites/intelligence.house.gov/files/documents/FinancialServicesRoundtable112911.pdf

Show More Positions

Organizations Opposing

April 27, 2012: Yesterday, the House passed the CISPA bill, H.R. 3523, by 248-168 with 42 Democrats joining 206 Republicans in backing the measure. Click here to see how your Rep voted. The Senate is expected to proceed on its own cyber security bill over the next few weeks, so will not be voting on the House's CISPA bill any time soon. Attempts to gain control of the Internet, or to implement government censorship of the Internet, continue at an amazing frequency and intensity. An example of this is the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 3523, with 106 cosponsors, which has been moved out of committee and is ready to be taken up on the floor of the House later this week. CISPA is being framed as essential to national security. Tech giants like Facebook, AT&T, IBM, Microsoft, and Verizon favor the bill, unlike SOPA and PIPA which they opoosed and which had tech companies enforcing government policy. This measure includes an exemption of liability for those companies who take part in CISPA’s government information exchange; tech companies would be protected from any responsibility associated with regulating users. The nuts and bolts of CISPA would have the Director of National Intelligence appoint members of the “intelligence community” as monitors of communications. First, government security clearances for employees of private firms would be granted. Then exchanges of information between government and private companies would be considered “proprietary information” as the search for “cyber threat intelligence” would be on. Cyber threat intelligence is defined as “information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from: (1) efforts to degrade, disrupt, or destroy such system or network; or (2) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.” The Electronic Frontier Foundation (EFF), dedicated to defending constitutional rights in the digital world has analyzed CISPA’s vague terms: “An ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns. "The language of ‘theft or misappropriation of private or government information’ is equally concerning. Regardless of the intent of this language, the end result is that the government and Internet companies could use this language to block sites like WikiLeaks and NewYorkTimes.com, both of which have published classified information.” Your ISP could intercept every email or text message you send and notify the government of the content of your personal communications under the umbrella of “cybersecurity” concerns. Also, under CISPA, a warrantless cyber wiretapping program totally disregarding the Fourth Amendment protections could become routine. Another troubling provision in the bill is the one that “supersedes any statute of a State or political subdivision of a State that restricts or otherwise expressly regulates” the new government/private sector information exchange spy program. No state nullification for government cyber spying would be allowed! Ex-White House "Cyber Czar" Richard Clarke has even recommended that the Department of Homeland Security (DHS) be empowered to monitor everything that goes in and out of America’s online infrastructure. But even worse, Clarke says if Congress won’t acquiesce in the matter, this all-encompassing monitoring authority for the DHS could be established by circumvention: “If Congress will not act to protect America’s companies from Chinese cyberthreats, President Obama must.” Internet freedom lovers and civil rights patriots need to unite to educate others and especially Congressmen on the censorship and privacy rights dangers of CISPA immediately. Many supposed “conservatives” in Congress are in favor of this bill, such as Michelle Bachmann (Minn.), Darrell Issa (Calif.), Dave Camp (Mich.), Patrick Henry (N.C.), Mike Rogers (Mich.), Fred Upton (Mich.), Joe Wilson (S.C.) and Joe Pitts (Pa.). http://www.jbs.org/federal-legislative-action-alerts

The Administration is committed to increasing public-private sharing of information about cybersecurity threats as an essential part of comprehensive legislation to protect the Nation's vital information systems and critical infrastructure. The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality, and civil liberties and recognizes the civilian nature of cyberspace. Cybersecurity and privacy are not mutually exclusive. Moreover, information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the Nation's core critical infrastructure from cyber threats. Accordingly, the Administration strongly opposes H.R. 3523, the Cyber Intelligence Sharing and Protection Act, in its current form. H.R. 3523 fails to provide authorities to ensure that the Nation's core critical infrastructure is protected while repealing important provisions of electronic surveillance law without instituting corresponding privacy, confidentiality, and civil liberties safeguards. For example, the bill would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information. Moreover, such sharing should be accomplished in a way that permits appropriate sharing within the Government without undue restrictions imposed by private sector companies that share information. The bill also lacks sufficient limitations on the sharing of personally identifiable information between private entities and does not contain adequate oversight or accountability measures necessary to ensure that the data is used only for appropriate purposes. Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately. The Government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes. In addition, H.R. 3523 would inappropriately shield companies from any suits where a company's actions are based on cyber threat information identified, obtained, or shared under this bill, regardless of whether that action otherwise violated Federal criminal law or results in damage or loss of life. This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our Nation's economic, national security, and public safety interests. H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. The Administration believes that a civilian agency – the Department of Homeland Security – must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sectorspecific Federal agencies. The American people expect their Government to enhance security without undermining their privacy and civil liberties. Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections. The Administration's draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board. The Administration's proposal also provided authority for the Federal Government to ensure that the Nation's critical infrastructure operators are taking the steps necessary to protect the American people. The Congress must also include authorities to ensure our Nation's most vital critical infrastructure assets are properly protected by meeting minimum cybersecurity performance standards. Industry would develop these standards collaboratively with the Department of Homeland Security. Voluntary measures alone are insufficient responses to the growing danger of cyber threats. Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens, especially at a time our Nation is facing challenges to our economic well-being and national security. The Administration looks forward to continuing to engage with the Congress in a bipartisan, bicameral fashion to enact cybersecurity legislation to address these critical issues. However, for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill. http://www.whitehouse.gov/sites/default/files/omb/legislative/sap/112/saphr3523r_20120425.pdf

The Administration 3 years ago

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

As congress draws closer to weighing in on the Cyber Intelligence Sharing and Protection Act (CISPA) later this month, it is becoming increasingly apparent that the fight for sensible internet privacy legislation is not a corporate interest. Officially backed by twenty-eight companies including Facebook, AT&T, and Microsoft, CISPA aims to fundamentally change the relationship between the private and public sector by encouraging companies to share your personal information with government agencies without penalty. With the broad support of corporations - the largest of which opposed the Stop Online Piracy Act - it would seem that there would be conclusive incentives for companies welcoming the surrendering of private user information for cyber security means. After all, as Tim McKone, AT&T's Executive Vice President of Federal Relations stated in his letter of support for CISPA: The sharing of cyber threat and attack information is an essential component of an effective cyber-defense strategy, and the legislation helps to provide greater clarity for private sector entities. We commend the bill’s sponsors for their leadership on this critical issue. While McKone paints a pleasant picture of the interaction between the public and the private sector, AT&T's testimony before the House Energy and Commerce Subcommittee on Communications and Technology shows a company confused and reluctant of government regulation. When asked by Virgin Islands delegate Donna Christensen about the role of the FCC in combating cyber crime, for instance, AT&T's Senior Vice President and Chief Security Officer Edward Amoroso did not hesitate to outline the inability of the government to have any meaningful solutions: "I don't think there's a [government] agency right now that's in a good position to come in and solve a problem that we can't solve ourselves...if there was an obvious set of things that should be done right now, I'm kind of thinking the groups that are here would be doing it. We are incented to do that." Amoroso's testimony demonstrates that complexity of dealing with cyber security while also admitting that overreaching security laws would do little to resolve the problems at hand. "The problem is," Amoroso explains, "that we don't know what it is that you should be telling us we should be doing." Additionally, it is important to note that there are already laws in place which allow law enforcement and private companies to share information through subpeonas and other legal means. (Click here for an example of Facebook's compliance with disclosure of information.) CISPA ultimately attempts to take the liability away from companies who currently have the discretion of disclosing your information and places the decision solely in the hands of the government; all at the expense of the user. CISPA would effectively take the door off the hinge of every household in America, but lacks the tools necessary to distinguish whether there is a criminal hiding in the attic. Why surrender the core of our privacy for the sake of corporate and governmental convenience?

testPAC 3 years ago

Congress is considering legislation that would give companies a free pass to monitor and collect communications, including huge amounts of personal data like your text messages and emails, and share that data with the government and anyone else. All a company has to do is claim its privacy violations were for "cybersecurity purposes." Tell Congress that they can’t use vaguely-defined "cybersecurity threats" as a shortcut to bypassing the law. H.R. 3523, also known as the Cyber Intelligence Sharing and Protection Act of 2011, would let companies spy on users and share private information with the federal government and other companies with near-total immunity from civil and criminal liability. It effectively creates a "cybersecurity" exemption to all existing laws. There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by "cybersecurity purposes." That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats. Worst of all, the stated definition of "cybersecurity" is so broad, it leaves the door open to censor any speech that a company believes would "degrade the network." The bill specifically mentions that cybersecurity can include protecting against the "theft or misappropriation of private or government information" including "intellectual property." Such sweeping language would give companies and the government new powers to monitor and censor communications for copyright infringement. It could also be a powerful weapon to use against whistleblower websites like WikiLeaks. Congress wants to use the threat of "cybersecurity" to undermine our digital rights. Tell your lawmakers that we won’t stand for dangerous, unsupervised information sharing in this bill or any bill like it. https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8444

As concerned global citizens, we urge you to immediately drop the Cyber Intelligence Sharing and Protection Act (CISPA). Our democracy and civil liberties are under threat from the excessive and unnecessary Internet surveillance powers it grants. The Internet is a crucial tool for people around the world to exchange ideas and work collectively to build the world we all want. We urge you to show true global leadership and do all you can to protect our Internet freedom. April 5, 2012 http://www.avaaz.org/en/stop_cispa/

Avaaz 3 years ago
Show More Positions

Users Supporting

No constiutents supporting yet.

Users Opposing

No constituents opposing yet.

Bill Summary

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.

H.R. 3522 Family Act of 2011 H.R. 3524 Disabled Veterans Employment Protection Act