The Senate Intelligence Committee has reached a compromise on proposed security legislation being crafted to help protect the nation’s critical networks, bringing them one step closer to formally introducing a bill to go before the entire Senate.
The proposed bipartisan legislation is supported by Committee Chairwoman Dianne Feinstein and Saxby Chambliss, and would provide the opportunity for private companies to share more threat intelligence information.
“We have worked together for months to draft a bill that allows companies to monitor their computer networks for cyber attacks, promotes sharing of cyber threat information and provides liability protection for companies who share that information,” the senators said in a joint statement.
“After reaching agreement on draft legislation, we circulated that draft bill language to relevant parties in the executive branch, private industry and the privacy community for comment. Once those comments are returned, which we hope will happen quickly, we will consider the final legislation.”
As it stands now, it nearly impossible for companies to collaborate on threat intelligence sharing, as they could run the risk of violating antitrust laws preventing collusion in the marketplace, and companies remain concerned that if security information is divulged outside the organization, they may be held liable by stakeholders for lapses.
“Private hackers and countries like China, Russia and Iran pose a serious threat to American companies, networks and critical infrastructure. The House has already passed its cyber security legislation, and Congress as a whole must act to give these companies the help they need to defend their networks and our economic prosperity,” House Intelligence Committee Chairman Mike Rogers and top Democrat Dutch Ruppersberger said of the Senate’s move.
A recent study by the Ponemon Institute, titled Exchanging Cyber Threat Intelligence: There Has to Be a Better Way, nearly two-thirds of respondents said their organizations had suffered a preventable cyber attack in the last two years had they had adequate access to threat data, and nearly three-quarters believe a better system for sharing threat intelligence is needed.
The report came on the heels of an announcement that the Justice Department and the Federal Trade Commission have issued guidelines for organizations regarding the sharing of security threat intelligence after concerns had arisen that such information exchanges may have resulted in violations of antitrust laws designed to thwart the divulging of certain competitive information like product pricing and business development plans.
“Some companies have told us that concerns about antitrust liability has been a barrier to being able to openly share cyber threat information with each other. We have heard them,” Deputy Attorney General James Cole said.
Read More Here…