A bill to let spy agencies share intelligence on cyber threats with private companies was backed by a House of Representatives intelligence panel.
The Permanent Select Committee on Intelligence approved the legislation that would expand a pilot Pentagon program for sharing classified and sensitive threat information with defense contractors and their Internet service providers, Reuters reports. The bill was amended to expand privacy protections for data that companies give the government. That includes data that Internet providers would share about customers. That data could be used only for cyber or national security.
Some critics say this type of sharing amounts to government surveillance of private data.
“It’s always a very, very difficult issue when you’re talking about cybersecurity,” said PSC Chairman Mike Rogers (R-Mich.), who co-sponsored the bill with Ranking Member Dutch Ruppersberger (D-Md.). “Many people confuse privacy and security issues as one in the same. They’re really two different issues.”
Rogers spoke to the Federal Drive with Tom Temin and Amy Morris on Friday morning about the challenges of crafting the bill.
Something for everybody
What the committee tried to do, Rogers said, is to put in place protections that would keep people’s private information private while increasing the government’s ability to stop malicious spyware or attack code making its way into computer networks. The bill makes it easier for companies to share hacking information with the government without the risk of being sued, provided that the company hasn’t been negligent.
“It’s a little bit of something for everybody, and it takes a big bite out of what is a growing and serious problem in cyber espionage and cyber attacks,” Rogers said.
Companies would have to receive a security clearance from the government in order for the government share classified information with them. The information sharing would be coordinated through the director of national intelligence.
“Our intelligence services today have information that private networks and some government networks don’t have,” Rogers said. “But the law is very clear that NSA, if it sees malicious software heading to dot.mil or dot.gov, can absolutely do something about it.”
“Where we ran into problems is when it’s targeted to a dot.com,” he said. “The law is not clear and no one believes they have the authority to do that.” The new law seeks to allow the government to extend this protection to commercial networks.
Everything is voluntary
To those fearing that the new law would mean mandated government surveillance, Rogers said that it’s all voluntary and contains nothing regulatory. The companies that want this protection would have to approach the government to request it.
“Cyber espionage is at an intolerable level” in the private sector, he said, which is why it’s important to move the legislation through Congress as quickly as possible.
“Countries like China and Russia, even Iran now, are getting into the business of going in, stealing intellectual property, developing that company or business back in their home country and then competing directly against an American company,” Rogers said.
As chairman of the intellegence committee, which passed the bill 17-1, Rogers is optimistic about the legislation’s future. “We have meetings in the Senate next week,” he said. “We feel very, very good that we’re going to get a counterpart bill or at least support for this bill when it arrives in the Senate. We’re negotiating with some folks in the Senate now to introduce a counterpart, which we think would be the best way to go.”
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.
Tom Temin is the host of The Federal Drive, 6 a.m.-10 a.m. on 1500 AM in the Washington, D.C. region and online everywhere.
Tom also writes a weekly commentary. Subscribe to Federal Drive's daily audio interviews on iTunes or PodcastOne