The Cipher Brief - A Necessary First Step

Op-Ed

Date: Sept. 13, 2015
Location: Washington, DC

By Dianne Feinstein

It's impossible to overstate the threat of cyber attacks to our economy and our national security.

McAfee and the Center for Strategic and International Studies last year estimated cyber crime costs our economy more than $400 billion and 200,000 lost jobs.

The cybersecurity company Symantec reported that just last year, more than 348 million identities were exposed through data breaches.

The roll call of companies and government agencies that have been attacked is lengthy, not to mention the many millions of Americans who have been affected:

Office of Personnel Management: 22 million government employees and security clearance applicants.
Blue Cross: 11 million customers.
Anthem: 80 million records of current and former customers.
JPMorgan Chase: 76 million households and 7 million small businesses.
Home Depot: 56 million credit cards exposed.
eBay: 233 million personal records.
Target: 70 million customers' credit card information.

That's why I joined with Senator Richard Burr, chairman of the Senate Intelligence Committee, to introduce the Cybersecurity Information Sharing Act.

The bill has a simple goal: to increase the sharing of information about cyber attacks between companies as well as between companies and the government while protecting personal information of the customers of those companies.

The best way to identify and counter cyber attacks is to know more about them in the first place, and that's what this legislation is designed to promote, in an entirely voluntary manner.

This bill, which the Intelligence Committee approved 14-to-1 in March, has been modified since that vote to further augment its already robust privacy safeguards.

The first safeguard lies with the companies sharing the information.

Before any information is shared, companies must review it to determine whether it contains information about a specific person or information not directly related to a cybersecurity threat. Any such information must be removed.

The second safeguard lies with the government agencies receiving the information.

The attorney general must issue mandatory privacy guidelines to all agencies governing the receipt, retention, use and dissemination of cyber threat information to further protect any personal information that may mistakenly be transmitted.

I would repeat that this bill is entirely voluntary. No companies are forced to do anything under this bill. Those companies that do participate will receive liability protection for the sharing of information related to cyber attacks.

This will allow companies to talk to each other about cyber threat indicators and to communicate and receive advice from the government on how best to identify and respond to attacks.

Senator Burr and I have been working closely with members on both sides of the aisle; the administration; key stakeholders in the private sector; and privacy groups to continue to improve this bill. We are committed to continue working with them, including on the more than 20 additional amendments that will be considered when the full Senate takes up the bill.

We have significantly improved the bill and look forward to the Senate taking up and debating this legislation.

We have taken every step to prevent privacy violations from happening under this bill. And I strongly believe that if we don't take this important first step, these devastating attacks will only become more common.

I am hopeful the Senate will pass this bill as quickly as possible.

