Massive year-end spending bill includes cybersecurity act

Massive year-end spending bill includes cybersecurity act
In this Oct. 22, 2105 file photo, Rep. Adam Schiff, D-Calif., ranking member on the House Intelligence Committee speaks to the media on Capitol Hill in Washington. The massive year-end spending measure includes a bill encouraging companies to share cyber threat information with the government. Schiff urged lawmakers to support the bill and said it was a major improvement over the bill put forward last session, which he opposed because of what he said were its lack of privacy protections. (AP Photo/Jacquelyn Martin, File)

The massive year-end spending measure includes a provision that will encourage companies to share cyber threat information with the government.

The measure, which represents a culmination of several years of effort to pass a cyber bill, brings together three different versions that passed the House and Senate earlier this year with hefty bipartisan support. It was released early Wednesday morning.

The Cybersecurity Act of 2015 largely hews to the Senate version of the bill, which passed despite concerns about privacy and transparency from some senators and technology companies, such as Apple and Yelp.

But there are some changes.

The bill allows the president to designate an agency other than the civilian Homeland Security Department to act as a portal for sharing cyber threats with the government only if DHS cannot and it is necessary. However, the Defense Department, including its National Security Agency, is specifically excluded for becoming an alternate portal.

Rep. Adam Schiff, D-Calif., the ranking member of the House Intelligence Committee, urged lawmakers to support the bill and said it was a major improvement over what was put forward last session, which he said lacked .

Massive year-end spending bill includes cybersecurity act
In this photo taken Sept. 29, 2015, Sen. Ron Wyden, D-Ore. is seen on Capitol Hill in Washington. The massive year-end spending measure includes a bill encouraging companies to share cyber threat information with the government. Wyden called the bill "even worse" today, lacking meaningful privacy protections to ensure personal information isn't passed on and doing little to prevent major hacks. (AP Photo/Lauren Victoria Burke)

"The bill is very protective of privacy while also doing a lot to help companies protect themselves from cyberattack," Schiff said. "We have to measure this against the daily invasion of our privacy by these hackers. Those who believe that perfect should be the enemy of the good, have to justify how they're willing to accept rampant hacking into our privacy and do nothing about it."

Companies are also assured they won't face liability for not acting on information received. Such liability protections are necessary to incentivize data sharing with the government, and have been a major reason why prior bills have failed to pass. Supporters of the cyber sharing bill say it's necessary to raise the cost to an attacker and ensure the same threats aren't repeatedly deployed.

The bill also calls on businesses and the government to remove, or scrub, personal identifiable information from threat data before sharing that information.

The first scrub is done by the company when it shares with the Homeland Security Department, and the second when DHS passes it on to other agencies. However, if the cyber threat pertains to a specific threat of the loss of life, economic damage, serious injury or the effort to prosecute or prevent the exploitation of a minor, the personal identifiable information may be passed on.

Sen. Ron Wyden, D-Ore., called the bill "even worse" today, lacking meaningful privacy protections to ensure personal information isn't passed on and doing little to prevent major hacks.

"Americans deserve policies that protect both their security and their liberty. This bill fails on both counts," Wyden said.

The ACLU called the cyber bill "a surveillance bill by another name" in a statement.

"Instead of passing reforms that would have stopped the Anthem or OPM (Office of Personnel Management) hack, Congress has chosen to advance legislation that places the of Americans in further peril," it said, adding that the information could be used for criminal prosecutions unrelated to cybersecurity.

The White House has supported prior language in the cybersecurity bill.

The House is scheduled to vote Friday on the .


Explore further

Cybersecurity: Senate takes initial step to bill's passage (Update)

© 2015 The Associated Press. All rights reserved.

Citation: Massive year-end spending bill includes cybersecurity act (2015, December 16) retrieved 2 December 2020 from https://phys.org/news/2015-12-massive-year-end-bill-cybersecurity.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
10 shares

Feedback to editors

User comments