There
was a short
article over on the WashingtonPost.com Monday about a draft Senate bill
addressing information sharing with respect to cybersecurity. The editors were
kind enough to share
a link to the possible proposed legislation that is being crafted by Sen.
Feinstein (D,CA) and Sen. Chambliss (R,GA).
It
is way too early in the process to delve too far into this bill as it is way
early in the legislative process and may die without being introduced. Having
said that, there are some interesting provisions being considered. Before going
into those I must warn readers that this is at heart an IT bill with no mention
of control systems and I want to remind readers that Senate cybersecurity bills
normally die with even less action than in the House.
There
is the definition of the term ‘malicious reconnaissance’ {§2(15)} that is an apparent
attempt to deal with the separation of cyber-attacks from the mere act of
unauthorized access of a system. This combined with the reference to First
Amendment protections in the definition of ‘cybersecurity threat’ would seem to
protect political hacking of a system for information gathering purposes.
The
draft bill would provide limitations on the government use of information
voluntarily shared with the Federal government. Those limitations would include
the prohibition of:
• Public disclosure under Federal, State
and local disclosure laws;
• Use in regulatory actions;
• Use in criminal prosecutions (without
prior written consent of original discloser).
It
would provide anti-trust exemptions for cybersecurity information sharing
between private entities. This would address the issue raised by recent
ephemeral DOJ opinions about the non-applicability of anti-trust laws.
Finally,
I must repeat my cautionary statement about the potential for this bill to move
forward in the Senate. There have been many cybersecurity bills discussed in
the Senate that were never introduced. Few of those that have been introduced
ever saw any Committee action and none have made it to the floor for a vote.
This is still an interesting IT security bill.
Posts
No comments:
Post a Comment