A new bill introduced by senior members of the U.S. House of Representatives Intelligence Committee would allow intelligence agencies to share classified cyber-threat information with approved U.S. companies, while encouraging companies to share their own information.
The Cyber Intelligence Sharing and Protection Act, introduced Wednesday, is a "significant first step" toward protecting the U.S. government and businesses from constant cyberattackers, said Representative Mike Rogers, a Michigan Republican and committee chairman. "There is a cyberwar that is going on today," Rogers said during an event to announce the bill.
The bill would direct the U.S. director of national intelligence to set up a process for intelligence agencies to share cyber-threat information and for granting security clearances at organizations that want to receive the information. Businesses that receive the classified information would generally be limited in their use of the information to protecting themselves or their customers.
The bill would also give lawsuit protection to companies that use the information to protect their networks or share cyber-threat information. The bill would allow companies to share cyber-threat information anonymously through an undefined process or restrict who they share with, including the government.
"If we're going to win this fight, we have to have more sentries on guard," Rogers said. "What this bill will do is leverage every private IT security operation in every company in America to be on guard."
The bill does not require companies to share any information and includes no new mandates for businesses, Rogers said. "These companies are under assault every single day," he said. "It is in their best interest to cooperate."
Without improved cybersecurity the U.S. will have a "catastrophic" cyberattack within the next year, predicted cosponsoring Representative C.A. "Dutch" Ruppersberger of Maryland, the senior Democrat on the committee. "We simply can't stand by if we have the ability to help American companies protect themselves," he said. "Sharing information about cyber-threats is a critical step to preventing them."
Trade groups the Information Technology Industry Council and the National Cable and Telecommunications Association (NCTA) were among the organizations voicing support for the bill. The cyber-threats facing U.S. businesses are "deeply frightening," and the bill will improve national security, said Michael Powell, NCTA's president and CEO.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.