House and Senate Committees Move Forward on Information Sharing Legislation
Last week, the Senate Select Committee on Intelligence began circulating a draft version of the Cybersecurity Information Sharing Act (CISA) that it plans to introduce in the coming weeks. While the Committee is now led by Chairman Richard Burr (R-NC), the bill appears very similar to the CISA bill that then-Chairman of the Senate Intelligence Committee Dianne Feinstein (D-CA) introduced in the 113th Congress. At the same time, Senate Homeland Security and Governmental Affairs Committee (HSGAC) Ranking Member Tom Carper (D-DE) introduced the Cyber Threat Sharing Act of 2015 (S. 456) prior to the Congressional recess which is largely based off of President Obama’s cybersecurity information sharing legislative proposal. It is expected that the Senate will move sometime in March to mark-up the 2015 CISA bill and move it to the floor.
On Wednesday, the House Homeland Security Committee will hold its first hearing on cybersecurity information sharing legislation and will examine the Obama Administration’s legislative proposal that was released in January. Next week, the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies will hold another hearing to learn about industry perspectives on the Administration’s information sharing legislative proposal. Both the Senate HSGAC Committee and House Homeland Security Committee are expected to remain engaged on cybersecurity information sharing legislation in the 114th Congress along with the Intelligence Committees in both chambers.
This Week’s Hearings:
- Wednesday, February 25: The House Homeland Security Committee will host a hearing titled “The Administration’s Cybersecurity Legislative Proposal on Information Sharing.”
- Wednesday, February 25: The House Armed Services Subcommittee on Emerging Threats and Capabilities will hold a hearing titled “Information Technology Investments and Programs: Supporting Current Operations and Planning for the Future Threat Environment.”
- Wednesday, March 4: The House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies will host a hearing titled “Industry Perspectives on the President’s Cybersecurity Information Sharing Proposal.”
White House Releases its Cybersecurity Executive Order
On Friday, February 13, the White House held the Summit on Cybersecurity and Consumer Protection at Stanford University where President Obama unveiled a new Executive Order (EO) focused on promoting private sector cybersecurity information sharing. The EO directs the U.S. Department of Homeland Security (DHS) to encourage the development of Information Sharing and Analysis Organizations (ISAO) which would allow private sector organizations to share information across multiple industry sectors to supplement the work of the current network of sector-specific Information Sharing and Analysis Centers (ISAC). The EO also directs DHS to assist in the creation of a standards organization for the network of ISAOs by commissioning a non-governmental organization that will develop best practices for the organizations to utilize. DHS plans to issue a Request for Information (RFI) in the coming weeks to solicit feedback from stakeholders on the creation of the ISAO standards organization.
After the Summit, White House Cybersecurity Coordinator Michael Daniel also shared that the Obama Administration will aim to develop new cybersecurity policies in the future that are guided by the following priorities:
- Boosting basic defenses for critical infrastructure by using tools such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework;
- Strengthening the ability of the U.S. to disrupt, respond to and manage cyber threats;
- Enhancing international cooperation to hold cyber criminals accountable for their crimes; and
- Securing cyberspace by replacing passwords with more secure technologies and enhancing consumer protections online.
President Obama Creates the Cyber Threat Intelligence Integration Center
Last week, the President also announced that he would establish a national Cyber Threat Intelligence Integration Center (CTIIC) that is modeled after the National Counterterrorism Center (NCTC). CTIIC would rapidly pull together intelligence about cyber threats, provide integrated analyses of foreign cyber threats, ensure that federal agencies have access to intelligence that is necessary to fulfill their cyber missions, and facilitate federal efforts to counter foreign cyber threats. Many stakeholders have questioned how the new center would fit in with DHS’s National Cybersecurity and Communications Integration Center (NCCIC). The White House has said that the CTIIC would fill a gap in the federal government’s cybersecurity efforts and complement the NCCIC and other federal efforts to share information and intelligence about cyber threats. CTIIC will primarily be focused on sharing cyber intelligence within the federal government.