While Congress is unable or unwilling to move forward on
cybersecurity information sharing legislation, the Department of Defense
published their final rule on cybersecurity information sharing with its
Defense Industrial Base (DIB) partners in today’s Federal Register (78 FR
62430-62438). I
discussed many of the details of this rule last year when DOD published
their interim final rule on the topic.
Public Comments and
DOD Responses
With the numerous controversies surrounding this topic
(controversies that are responsible in large part for the congressional paralysis
on the issue) it is not unexpected that the DOD received a large number of
comments. The bulk of the preamble to this final rule deals with identifying
and responding to the issues raised. In all but two cases the DOD response
boiled down to: “No change is made to the rule”.
The first comment
eliciting a change in the rule dealt with the definition of a “US Citizen” in
the rule and the DOD clarified that issue by removing the phrase ‘holding a
U.S. passport’ as part of the definition of ‘U.S. citizen’ in §236.2(o).
The second comment
dealt with a requirement in the program to conduct a legal review of the
implementation of the program and the language in §236.6 that appeared to
require a violation of attorney-client privilege. DOD responded by removing the
second sentence in §236.6(c), noting that that sentence “was not intended to
imply that there was a requirement to provide such information as a condition
of the program”.
Effective Date
This program is currently running under the interim final
rule. The limited changes made in this final rule become effective on November
21st, 2013.
Posts
No comments:
Post a Comment