A draft cyber security bill is circulating in Congress that will promote information sharing on cyber threats between private industry and government by offering liability protection. The draft legislation was introduced by Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Ca) and Vice Chairman Saxby Chambliss (R-Ga). Officials familiar with the draft legislation say there’s no timeline for when the complete bill will be introduced, saying only that the legislation is merely a “discussion draft.”
This is not the first time an attempt has been made to pass cyber security legislation. In April of 2013 the House of Representatives approved the Cyber Intelligence Sharing and Protection Act by a 288-127 vote. The Obama administration threatened to veto the bill because privacy protections were inadequate. The administration’s response, written by White House Cybersecurity Coordinator Michael Daniel and Federal Chief Technology Officer Todd Park, stated the Obama administration advocates for cyber security legislation that protects privacy. “It’s important to keep in mind that there is a larger legislative process that is ongoing as we speak, including efforts in the Senate,” Daniel and Park wrote.
The second major issue hindering the passing of cyber security legislation is disagreement over how much liability protection to grant businesses to get them to share cyberthreat information. Congress simply can’t agree on how much liability protection to offer. Sen. Tom Carper (D-Del), Chairman of the Senate Homeland Security and Governmental Affairs Committee, said, “The one issue that has made it difficult for us to put together any kind of comprehensive cybersecurity security has been our inability to agree on what kind of liability is appropriate.”
The fundamental concern with providing liability protection is that businesses could potentially exploit it to collude on other matters. Democrats are the primary supporters of targeted liability protection, arguing it would provide sufficient protection to enable businesses to share cyberthreat information. Republicans argue businesses would not feel adequately protected if they were granted only limited liability. Corporate legal counsel would caution them that they could still be subject to legal action.
The Obama administration has twice threatened to veto House legislation providing broad liability protection and there are no indications they will compromise. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our nation’s economic, national security, and public safety interests,” the administration said.
Breaking it Down
We could go round and round with this forever. And it seems that is what Congress is going to be doing. The question of liability can easily be translated to mean, we don’t want to pay for our sloppy IT networks.
Private corporations are doing a piss poor job of protecting the consumer. Data breaches are a national disgrace and yet they want liability protection. Those we elected to represent us have failed to do anything in this area because they are looking in the face of lobbyists every day and those lobbyists have open checkbooks. Why not share information about cyber threats? Instead of working with the government, the private corporations are too busy trying to cover their collective asses. Why? Because what they are doing on their side of the issue is sloppy and careless. If we can’t get the legislative branch to whip them into shape then let them get sued. Money is the only thing they understand.
I am personally appalled that the government has not mandated that any information regarding cyber threats be reported immediately. The reason this isn’t done voluntarily is because the corporations don’t want to answer questions about how carelessly they are handling things. Example: Target stores.