Last week, the White House maintained that it would veto the Cyber Intelligence Sharing and Protection Act, a bill proposing cybersecurity information sharing between the private sector and the U.S. government, if it reached the President. While the bill was introduced by Ranking Member of the House Intelligence Committee Dutch Ruppersberger (D–MD) and has bipartisan support, the White House has not budged on the issue.
Somewhat confusingly, the White House is continuing to push for its own information-sharing proposal between the private sector and the government that, based on White House statements, seems to provide fewer protections for businesses that participate and a different way of sharing information. While President Obama claims to support information sharing between the public and private sectors, his most recent veto declaration could put a damper on intentions. Regardless, Congress explored the importance of cybersecurity information sharing in a Senate hearing yesterday.
The Senate Homeland Security and Government Affairs Committee (HSGAC) hearing explored the best way to encourage information sharing. Each of the five witnesses from the private sector testified similarly that there should be an emphasis on real-time sharing, liability and disclosure protection, company-to-company disclosure protection, and “bi-directional sharing.”
Committee members and witnesses agreed that, in many cases, basic network hygiene may only get a private or public entity so far. Information sharing is the necessary next step. In closing, HSGAC Chairman Ron Johnson (R–WI) asked the witnesses to identify the biggest problem in the White House proposal and what can Congress do to address it. The witnesses again testified that sharing in both directions and liability protection were key elements that are still being ignored.
Information sharing includes data on cyber threats and potential vulnerabilities that could be used to disrupt the operations of a system or steal information. When cyber data is exchanged between the private sector and government agencies, stakeholders can be warned and informed about current vulnerabilities in a system, as well as potential attacks.
Information sharing requires an open flow of information between the private and public sectors, as well as among the various agencies and companies in each sector. To make this happen, it is important that private-sector entities are protected from legal and regulatory ramifications potentially involved with sharing. This ensures that companies won’t be afraid to share cybersecurity information due to liability fears.
In addition to enhancing cybersecurity, information sharing could also be used to strengthen other aspects of America’s national security and prevent identity theft and other crimes. Since the information being shared is largely technical data, Americans’ privacy is not in danger. Information sharing should also, of course, be subject to robust congressional and executive oversight.
The time is now for Congress and the Administration to craft a stronger, more effective cybersecurity policy. Information sharing across and among the public and private sectors is a critical component to protecting the nation.
Jennifer Guthrie is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.