Will Congress require companies to share data on cyber-security breaches?
Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican, are circulating a draft of the new cyber-security bill among key stakeholders.
Washington — US administration officials, private sector executives and privacy advocates are reviewing a draft of a bill that would encourage sharing of cybersecurity data between the government and companies, two key Senators said on Wednesday.
Senate Intelligence Committee Chairman Dianne Feinstein, a California Democrat, and Vice Chairman Saxby Chambliss, a Georgia Republican, said they have circulated the draft to key stakeholders in its early stages to avoid the disagreements that have thwarted passage in the past.
"We have worked together for months to draft a bill that allows companies to monitor their computer networks for cyber attacks, promotes sharing of cyber threat information and provides liability protection for companies who share that information," Feinstein and Chambliss said in a statement.
U.S. lawmakers have been considering legislation to provide clarity about how private companies should be required to disclose security breaches and cyber threats, but spats over liability and privacy protections have thwarted passage of comprehensive cyber security bills thus far.
Many companies have urged Congress to pass cyber legislation but ensure that it limits the private sector's liability in sharing cyber data.
The Republican-controlled House of Representatives last year for the second time passed legislation addressing cyber information sharing, but efforts fizzled in the Senate, where many Democrats had sought a broader bill.
Earlier this month, Wes Bush, chief executive of U.S. weapons maker Northrop Grumman Corp urged lawmakers to pass a bill that would enable companies to take more decisive action to protect their computer networks without fear of being sued.
"To be successful, we ultimately have to provide the corporate partners that we would share information with some level of liability protection," Admiral Michael Rogers, the new National Security Agency and U.S. Cyber Command chief, said at his confirmation hearing in March.
Privacy advocates have opposed giving companies liability protections, worried of abuses of consumer data both by the private sector and the government.
The bill by Feinstein and Chambliss would offer liability protections and considers the possibility of data being shared not only with a civilian government agency but also military or intelligence agencies, according to a copy posted by the Washington Post, which first reported news of the draft. (Editing by Ros Krasny and Chris Reese)