New Congress Resumes Crucial Work on Improving the Ability to Share Cyber Threat Information
There is generally widespread understanding that, in order to detect, prevent, and mitigate threats in cyberspace, the ability to share relevant information between and among industry and government stakeholders is a cornerstone to achieving timely, reliable, and actionable situational awareness, as well as better analysis and collaboration.
TIA, representing the ICT manufacturer, vendor, and supplier community, believes that Congress must act to enable the voluntary sharing of real-time bi-directional cybersecurity information amongst and between key government and industry partners (and their suppliers) by providing adequate liability protections, while also ensuring that an information-sharing regime appropriately addresses privacy and civil liberties concerns.
While the previous Congress, both in the House and Senate, took action to address information sharing, no bill ended up making its way to the President's desk for his signature.
Meanwhile, the number and diversity of cyber-based threats to both businesses and the government continue to increase, reinforcing not only the national security impacts, but also those that are economic. Despite this, the new legislature (and the Administration), continue to recognize the need for Congress to act to improve information sharing.
In mid-January, President Obama unveiled new cybersecurity legislative proposals to address information sharing, as well as law enforcement authority to combat cyber crime and normalization of data breach reporting thresholds. H.R. 624, the Cyber Intelligence Sharing and Protection Act (CISPA), was reintroduced by Rep. Dutch Ruppersberger in the House (TIA supported CISPA in the last Congress).
Work is also afoot in the Senate to address information sharing, building on the Cybersecurity Information Sharing Act of 2014 (CISA) from the previous Congress. And most recently, the Senate Homeland Security and Governmental Affairs Committee held a hearing titled Protecting America from Cyber Attacks: The Importance of Information Sharing, with encouraging results.
TIA continues to work with Congress to ensure successful information sharing in the protection of the United States from cyber attacks. For example, TIA joined a large coalition of industry associations from across the critical infrastructure sectors to encourage the full Senate to address information sharing as quickly as possible.
TIA also submitted a letter for the record of the January 28 House Homeland Security and Governmental Affairs Committee hearing on information sharing, explaining that Congress should act to enable the voluntary sharing of real-time bi-directional cybersecurity information; and our support for existing public-private partnerships (many of which TIA and its members participate in heavily), as well as efforts of Federal agencies under existing laws and authorities, to facilitate information sharing and to improve cooperation in defense against cyber attacks.
It's also important to note that information sharing should not be viewed as the end game. Rather, information sharing is a tool to achieve timely, reliable, and actionable situational awareness through information sharing, analysis, and collaboration. That is why it is important for Congress to, in addition to addressing information sharing, act in other important areas, such as to improve cybersecurity R&D, workforce training and education, and public awareness.
While there is much work to be done, TIA looks forward to continued progress towards needed cybersecurity legislation.