Legislative Branch Activity

Senate Information Sharing Legislation

Last week, Senate Intelligence Committee Chairman Dianne Feinstein (D-CA) and Ranking Member Saxby Chambliss (R-GA) issued a statement noting their progress on a draft cybersecurity information sharing bill that they have been working on since last year. In the statement, they noted that they have reached an agreement on the draft legislation and have shared the language of the draft bill with relevant entities within the executive branch, industry and the privacy community to get their comments. They hope to get comments quickly from these groups and will then consider the final legislation within the coming weeks.

The draft legislation has already drawn some concerns from privacy advocates after media reports noted that the bill will include a blanket liability shield for companies that share information about cyber threats and attacks with the federal government. In addition, the bill will require the Director of National Intelligence, Secretary of Homeland Security and the Attorney General to develop guidelines for information sharing. Reports also note that the bill would mandate the removal of personally identifiable information from the data that is shared between the private sector and the government, though some in the business community have cited this provision as problematic since small and mid-sized companies often do not have the resources to be able to meet this sort of mandate.

In response to the statement from Chairman Feinstein and Ranking Member Chambliss, House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member C.A. Dutch Ruppersberger (D-MD) also issued a statement calling for quick action on a Senate information sharing bill. Last April, the House passed a separate information sharing bill, the Cyber Intelligence Sharing and Protection Act (CISPA/H.R. 624), which has never been considered in the Senate given that the Senate Intelligence Committee was drafting its own bill.

Executive Branch Activity

U.S. Department of Homeland Security Workshops

The U.S. Department of Homeland Security (DHS) announced that it will hold its first workshop as part of the Critical Infrastructure Cyber Community (C3 or C-Cubed) program in Boston on June 18. The workshop will be the first of three major workshops that DHS is planning in the coming months and will focus on the implementation of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework that was required by the President’s cybersecurity Executive Order in February 2013. Future workshops will take place in San Francisco in September and in Washington, DC in February.

In addition, DHS is planning to host a number of smaller workshops that are focused on the implementation of the NIST Cybersecurity Framework for specific critical infrastructure sectors. The first event will take place in New York in August and will be focused specifically on the financial services sector. The workshops for other critical infrastructure sectors will likely be announced in the coming weeks.