A new bill introduced by senior members of the US House of Representatives Intelligence Committee would allow intelligence agencies to share classified cyber-threat information with approved US companies, while encouraging companies to share their own information.
The Cyber Intelligence Sharing and Protection Act, introduced yesterday, is a "significant first step" toward protecting the US government and businesses from constant cyberattackers, said Representative Mike Rogers, a Michigan Republican and committee chairman. "There is a cyberwar that is going on today," Rogers said during an event to announce the bill.
The bill would direct the US director of national intelligence to set up a process for intelligence agencies to share cyber-threat information and for granting security clearances at organisations that want to receive the information. Businesses that receive the classified information would generally be limited in their use of the information to protecting themselves or their customers.
The bill would also give lawsuit protection to companies that use the information to protect their networks or share cyber-threat information. The bill would allow companies to share cyber-threat information anonymously through an undefined process or restrict who they share with, including the government.
"If we're going to win this fight, we have to have more sentries on guard," Rogers said. "What this bill will do is leverage every private IT security operation in every company in America to be on guard."
The bill does not require companies to share any information and includes no new mandates for businesses, Rogers said. "These companies are under assault every single day," he said. "It is in their best interest to cooperate."
Without improved cybersecurity the US will have a "catastrophic" cyberattack within the next year, predicted cosponsoring Representative C.A. "Dutch" Ruppersberger of Maryland, the senior Democrat on the committee. "We simply can't stand by if we have the ability to help American companies protect themselves," he said. "Sharing information about cyber-threats is a critical step to preventing them."
Trade groups the Information Technology Industry Council and the National Cable and Telecommunications Association (NCTA) were among the organizations voicing support for the bill. The cyber-threats facing US businesses are "deeply frightening," and the bill will improve national security, said Michael Powell, NCTA's president and CEO.