The House Intelligence Committee has introduced legislation aimed at improving the nation's cybersecurity by encouraging better communication between private industry and the federal government.
The Cyber Intelligence Sharing and Protection Act of 2011 would relieve commercial companies from liability for sharing data with the government. Sharing information would be voluntary, and if a company chose to do so, it could also choose which governmental agency with which to share.
Both private and government security experts are alarmed by what they say is an extraordinary amount of hacking activity from all across the spectrum of suspects, from individuals to governments.
Mike Rogers (R-Mich.), chairman of the House Intelligence Committee and co-sponsor of the bill, called out China and Russia for their ongoing cyber incursions and said there is evidence other countries, including Iran, are also beginning to engage in hacking activity.
Rogers testified that many U.S. companies refuse to even acknowledge that they've been hacked, for fear of the damage to their reputations and their businesses. The bill aims to encourage reporting, so that the scope of the problem can be gauged. The Cyber Intelligence Sharing and Protection Act is acknowledged by all to be a first step toward a fuller federal policy on protecting against cyber attacks.
"There is an economic cyber war going on today against U.S. companies," Rogers said when announcing the bill. "There are two types of companies in this country: those who know they've been hacked, and those who don't know they've been hacked."
Some civil liberties groups believe the bill fails to protect consumer information from misuse by the federal government. In the process of revising and approving the bill, that issue could yet be addressed.
The cable industry is prominent among early supporters of the bill. NCTA President and CEO Michael Powell released the following statement:
"We applaud Chairman Rogers and Ranking Member Ruppersberger for introduction of the Cyber Intelligence Sharing and Protection Act of 2011 that will ensure better information sharing between all stakeholders involved in protecting our nation's critical cyber infrastructure. We appreciate that this legislation avoids a prescriptive regulatory regime that does not fit the constantly evolving cyber threat environment, and it appropriately allows individual companies to determine how they can best participate. This legislation will protect both our national security and our customers and has the strong support of the nation's cable, telephone and wireless industries. We urge Congress to swiftly pass the Cyber Intelligence Sharing and Protection Act of 2011 into law."