US : Bipartisan Cybersecurity Bill Clears Key Hurdle

House Intelligence Committee Marks Up Cyber Bill

WASHINGTON, D.C. – Stressing an urgency to help protect American businesses and jobs and ensure the openness of the internet, the House Intelligence Committee today completed its markup of H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013.  Six amendments were adopted by the committee and the bill passed with a decisive vote of 18-2.

The first amendment was a Managers’ Amendment to make some non-controversial technical corrections and enhance the core information sharing purposes of the bill.

The second amendment, offered by Rep. Thompson of California, added roles for the Privacy and Civil Liberties Board (PCLOB) and the individual agency privacy officers to provide additional oversight of the government’s use of information received from the private sector under this bill.

A third amendment, offered by Rep. Langevin, clarified that the bill does not provide any new authority to “hack back.”  This provision addresses concerns that the bill could be misinterpreted to authorize companies to hack into other companies’ networks to take back information that was stolen from them.

The fourth amendment, offered by Rep. Heck and Rep. Himes, put in place a private sector cybersecurity use restriction that parallels the bill’s use restrictions imposed on the government.  This provision will limit the private sector’s use of any cyber security information received only to a cybersecurity use purpose.  This is intended to address misperceptions that private sector companies could have used this information for marketing and other non-cybersecurity purposes.

Chairman Rogers said:  “This amendment addresses a concern that was expressed to us by several Members of Congress and a number of organizations, to include the White House.  I commend Rep. Joe Barton for his leadership on this important issue and for bringing the matter to the committee’s attention.”

The fifth amendment, offered by Rep. Himes, requires the government to establish minimization procedures.  Those procedures must be designed to limit the receipt, retention and use of personally identifiable information not necessary to protect systems or networks from cyber threats while still ensuring the critical cyber threat information necessary to protect systems can flow quickly.

The sixth amendment, offered by Rep. Sewell, struck the bill’s authorized “national security” use to further narrow the government’s authorized uses of cyber threat information shared by the private sector.

“Cyber-hackers from nation-states like China, Russia, and Iran are infiltrating American cyber networks, stealing billions of dollars a year in intellectual property, and undermining the technological innovation at the heart of America’s economy.  This bill takes a solid step toward helping American businesses protect their networks from these cyber looters.  Through hard work and compromise, we have produced a balanced bill that provides strong protections for privacy and civil liberties, while enabling effective cyber-threat sharing.  The decisiveness of the vote shows the tremendous bipartisan support for this bill,” Chairman Rogers said.

Rogers continued, “Our bill does not require significant additional federal spending or the creation of a new government bureaucracy.  It does not impose additional federal regulation or unfunded mandates on the private sector.  To the contrary, the bill is a critical, bipartisan first step to empowering the private sector to protect its own networks, which hold invaluable intellectual property and personal information.  The bill will also unleash American private-sector innovation by helping create a more dynamic cybersecurity marketplace.”

Ranking Member Dutch Ruppersberger said, “We have always said this was a collaborative process with privacy groups, the business community, and the White House.  The adoption of a host of amendments in markup today supported by these groups shows a true commitment to making our bill better and improving privacy and civil liberties protections.  I commend everyone who participated in this effort, especially the bi-partisan leadership of Chairman Rogers and the other Members of the Intelligence Committee on both sides of the aisle.  I look forward to advancing this bill so we can protect our nation and its economy from the threat that cyber attacks and cyber espionage pose.”

The bill is expected to be considered by the full House next week.