A central point for collection of information that relates to computer security, including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels, etc.
PRECISE Act, H.R. 3674
February 4, 2012 at 9:05 pm #151893
Long way to go yet but BE AWARE!
Have attached the original legislation and the Amendments agreed to by the House Subcommittee.
Lungren Cybersecurity Bill Takes Careful, Balanced Approach
Legislation to promote information sharing for cybersecurity purposes was marked up and reported out favorably – and unanimously – on February 1 by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. The bill, sponsored by subcommittee chairman Dan Lungren (R-CA) and formally titled the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act (PRECISE Act, H.R. 3674), balances cybersecurity, innovation, industry and civil liberties concerns, and CDT supports the legislation. I testified about a draft of the bill in December. Amendments adopted by the Subcommittee further improved the bill. In our view, the Lungren bill is far preferable to the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 3523) reported in December by the House Permanent Select Committee on Intelligence.
There is widespread agreement that ISPs and other operators of computer networks need clearer legal authority in order to be able to share with each other – and with the government – signatures and other information about suspected attacks on their networks. However, since we are talking about privately-owned and operated networks that carry personal communications, any sharing of information must be carefully controlled.
The core provisions of the PRECISE Act would promote information sharing for cybersecurity purposes by creating a narrow cybersecurity exception to all potentially applicable laws, including all privacy laws. The Act would establish a non-profit, quasi-governmental National Information Sharing Organization to serve as a national clearinghouse for the voluntary exchange of “cybersecurity threat information,” taking in reports, and sharing them back out, among the federal government, state and local governments, and industry. We believe that NISO, a privately-run information sharing hub, is likely to be more effective at quickly responding to cybersecurity threats – and would pose fewer civil liberties risks – than would a government-run information sharing hub. While the NISO board of directors would have governmental representatives and representatives of privacy interests, it would be dominated by industry.
The bill promotes information sharing while protecting privacy and civil liberties by:
- carefully defining the types of cyber threat information that can be shared through the clearinghouse;
- specifically requiring that personally identifiable information not necessary to describe a cyber threat may not be shared with and by the clearinghouse;
- restricting to cybersecurity purposes the use and disclosure of the information shared with and by the clearinghouse;
- creating a limited private right of action for persons injured by the disclosure or use of information for other than cybersecurity purposes when such conduct is willful or intentional, and is not in good faith;
- limiting law enforcement use of information shared for cybersecurity purposes to prosecute only cybersecurity crimes, thus helping to ensure that cybersecurity information sharing does not become a back door wiretap or surveillance program;
- avoiding giving the government authority to shut down or limit Internet traffic in a cybersecurity emergency; and
- cementing DHS as the lead federal agency for cybersecurity for the civilian government and private sectors, instead of putting the National Security Agency or DOD’s new Cybercommand in this role.