
Counsel: Senate intel panel 'close' on cybersecurity information-sharing bill

Posted: March 20, 2014

The leaders of the Senate Select Committee on Intelligence are "close" to reaching agreement on a cybersecurity information-sharing bill with liability protection for industry that is designed to win the support of 60 or more senators, according to Jack Livingston, the panel's minority counsel.

Livingston spoke today at an American Bar Association breakfast, saying afterward that Chairman Dianne Feinstein (D-CA) and Vice Chairman Saxby Chambliss (R-GA) might agree on the bill within a month. A new effort by Feinstein and Chambliss to craft a "bipartisan approach" could succeed where previous legislative attempts have failed, he said.

"We've been working on information sharing for years," Livingston said. "What's different this time, though, is the chairman and the vice chairman are trying to work together. There is a lot of interest on our committee right now about getting a bill done. We have some pretty key senators on our committee."

He cited Sen. Susan Collins (R-ME), a "huge player in the cybersecurity arena," as well as Sen. Tom Coburn (R-OK); Sen. John Rockefeller (D-WV), who has previously spearheaded cybersecurity legislation; and relative newcomer Sen. Angus King (I-ME).

Brian Weiss, a spokesman for Feinstein, confirmed that she and Chambliss have been working together "for a while" on an information-sharing bill that provides some liability protections. Weiss said he could not provide a firm timetable for when those negotiations might conclude.

Although "a lot of political realities" could pose an obstacle, the aim is to win approval for the bill in the full Senate this year, Livingston said at the breakfast, hosted by the ABA's Committee on Law and National Security. If the committee leadership puts forth a bill, it would be up to Senate Majority Leader Harry Reid to schedule a vote, he said, noting that its successful passage could enable a conference process with a House cybersecurity bill.

The legislation, he said, should outline a "neighborhood watch" approach with the public and private sectors that uses liability protection to enable sharing of threat information by eliminating the risk that companies' participation might trigger prosecution from the Justice Department. The bill should also eliminate the risk of sensitive proprietary information shared with the government being subject to release through ordinary Freedom of Information Act requests, he said.

Livingston said legislation should provide companies with clear authorization to search and monitor their networks and systems for malicious cyber threats, to conduct "self defense" and use "countermeasures" on their systems, to share information and countermeasures with the federal government and other entities, and to use that information.

Livingston also said the bill should accelerate the government's ability to declassify threat information. Further, he said, the government must avoid situations in which a company shares data only to have it suddenly classified and subject to counterproductive restrictions.

On the subject of privacy concerns, he said a lot of the "magic" in national security legislation "happens in the definitions." Carefully and narrowly defining threat information and indicators will set the parameters for what will be shared and mitigate the risk of generating privacy concerns, he said.

Livingston argued against including "use limitations" that would prevent data from being used for law enforcement or national security purposes. As for liability protection, he argued against inserting words like "reasonable" that could "inadvertently" create "a cause of action." He also asserted that affirmatively including a "good-faith defense" would imply a cause of action, "guarantee a jury" and create "unfair" expenses for defendants.

Sorting through issues related to information sharing will require a lot of input from the private and public sectors over the long term, he said. -- Christopher J. Castelli

