Legislation approved by a Senate committee this week would give US officials strong authority to combat computer espionage and theft of valuable commercial data.
The “Cybersecurity Information Sharing Act” reported out by the Senate Intelligence Committee in closed session would require the director of national intelligence to increase the sharing of classified and unclassified cyber threat information with the private sector, consistent with the protection of sources and methods.
Sponsored by Sens. Dianne Feinstein, D-Calif., and Saxby Chambliss, R-Ga., chairman and ranking minority member, respectively, of the committee, the bill would also offer liability protections to companies that appropriately monitor their networks or share cyber threat data and limit the government’s ability to use data it receives.
The measure must be approved by the full Senate and reconciled with similar legislation that passed the House of Representatives in April.
Democratic senators Ron Wyden of Oregon and Mark Udall of Colorado, members of the intelligence committee, said they opposed the bill because they felt it did not include sufficient privacy protections.
But there are signs the Intelligence Committee bill has bipartisan support in the House. The Republican chairman and top Democrat on the House Intelligence Committee issued a statement on Tuesday backing the measure and urging the full Senate to vote quickly.
“We are confident that the House and the Senate will quickly come together to address this urgent threat and craft a final bill that secures our networks and protects privacy and civil liberties,” Reps. Mike Rogers, R-Mich., and Dutch Ruppersberger, D-Md., said in a statement.
It is the second bill dealing with cyber risk introduced in the Senate this year. Legislation was introduced in May by Sen. Carl Levin, D-Mich., with bipartisan support, that would give US officials strong authority to combat computer espionage and theft of valuable commercial data.
According to the Insurance Information Institute, Congress is proposing legislation because of a rising number of high-profile mega data breaches—most recently at eBay, Target and Neiman Marcus. A new III white paper says the result is stepped-up government scrutiny of cyber security and increased calls for legislation and regulation, “placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online.”
The earlier Senate bill, the Deter Cyber Theft Act of 2014, S. 2384, updates legislation introduced last year with the intent of taking aggressive new steps against computer espionage and theft of valuable commercial data.
The Cybersecurity Information Sharing Act does the following:
“Clearly, given that there is bipartisan support for cyber-related action, and there is also support within the Obama administration for legislation, this issue will be with us for a long time, regardless of whether there will be action this year,” Robert P. Hartwig, president and economist for III, said.
In 2013, more than 600 organizations across the business, financial, educational, government and healthcare sectors publicly disclosed data breaches that exposed nearly 92 million records, according to the Identity Theft Resource Center. This year, ITRC said there have been 381 breaches as of July 1.
“Yet despite the large number of reported breaches, the actual number of breaches and exposed records is without a doubt much higher as many, if not most, attacks go unreported,” III said.
Interestingly, the III paper said that cyber risk moved into the top 10 global business risks in 2014, according to the third annual Allianz Risk Barometer Survey, climbing up to rank 8 from 15 in last year’s survey.