Stressing an urgency to help protect American businesses and jobs, the House Intelligence Committee today completed its markup of H.R. 3523, the Cyber Intelligence Sharing and Protection Act of 2011. Two amendments were adopted by voice vote and the bill passed the committee with a decisive vote of 17-1. The amendments are attached to this news release.
The first amendment was offered by Chairman Rogers and Ranking Member Ruppersberger to enhance the privacy protections in the bill by putting several restrictions on the government's use of the cyber threat information it receives from the private sector. The amendment would prohibit the government from using cyber threat information unless at least one significant purpose is cyber security or national security. It also prohibits the government from searching through any cyber threat information it receives from the private sector for any purposes not authorized by the bill. The amendment also ensures that all cyber threat information shared by the private sector is purely voluntary and that the government may not condition sharing of intelligence information on private sector sharing of information back to the government. The amendment also prohibits the government from using the authorities in this bill to "task" the private sector to provide information.
A second amendment, offered by Mr. Thompson, requires an annual report to Congress from the Inspector General of the Intelligence Community. This report will review the information voluntarily shared by the private sector with the government. The report will establish that all information shared was for cyber and national security purposes. This report will serve as a key tool for the House Permanent Select Committee on Intelligence's Congressional oversight.
"The decisiveness of the vote shows the tremendous bipartisan support for this bill. Through hard work and compromise we have struck a delicate balance that provides strong protections for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks," Chairman Rogers said.
"American businesses are suffering dramatic losses every day to cyber espionage, and we remain vulnerable to catastrophic cyber attacks against our critical infrastructure. This bill addresses the urgent need to help our private sector better defend itself from these insidious attacks," Rogers said.
Rogers continued, "Our bill does not require additional federal spending or the creation of a new government bureaucracy. It does not impose additional federal regulation or unfunded mandates on the private sector. To the contrary, the bill is a critical, bipartisan first step to empowering the private sector to do even more to protect its own networks. It will also unleash American private sector innovation and drive to help create a more robust cybersecurity marketplace."
Ranking Member Dutch Ruppersberger said, "The bill reported from committee today strengthens our ability to take advantage of the expertise of the Intelligence Community to safeguard American companies from ruthless cyber attackers while protecting privacy and civil liberties. We have added a narrow threshold for what kind of information can be shared between the government and private sector, as well as a critical Inspector General report requirement.
"Every second the cyber networks that power American commerce are being exploited. We can't stand idly by if we have the ability to help American companies protect themselves. This has been an extraordinary bipartisan effort. I am proud of the compromise this bill represents and look forward to all stakeholders continuing to work together throughout the legislative process," said Rep. Ruppersberger. The next step for the bill is the House Floor. The Committee looks forward to working with House leadership to get the bill to the floor.