On February 11, Senator Tom Carper (D-Del.), Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, introduced legislation aimed at increasing the sharing of cyber threat data between the federal government and private industry. The Cyber Threat Sharing Act of 2015 (S. 456) would grant certain liability protections to companies for the sharing of cyber threat data with the National Cybersecurity and Communications Integration Center (“NCCIC”) within the Department of Homeland Security and with an information sharing and analysis organization that has self-certified it is following best practices.
As we reported last week, President Obama has issued an Executive Order Promoting Private Sector Cybersecurity Information Sharing, and Senator Carper has said that his legislation complements that effort.
Senator Carper stressed that one of Congress’ top priorities “must be to promote the sharing of cyber threat data among the private sector and the federal government to defend against cyber-attacks and encourage better coordination.” Carper’s bill requires the NCCIC to receive and disclose cyber threat indicators to federal and non-federal entities in “as close to real time as practicable.”
In a statement announcing the introduction of the Cyber Threat Sharing Act, Senator Carper said that the bill “incorporates insights and advice from our committee’s hearing on the topic earlier this month.” He invited stakeholders to continue to provide feedback to his colleagues on the Homeland Security Committee in order to make the bill “better in an open and transparent process.”
Meanwhile, the House Homeland Security Committee has scheduled two upcoming hearings on the President’s cybersecurity information sharing proposal. On Wednesday, February 25, the Committee will hear from government witnesses on the proposal and on Wednesday, March 4, from industry representatives. More information on the hearings, including the witness lists, can be found on the Committee’s website.