Proposed Cybersecurity Information Sharing Act of 2015
The U.S. Senate Intelligence Committee released the Cybersecurity Information Sharing Act of 2015 (S.754) on March 18, 2015. The bill would encourage the sharing of cybersecurity threat information, require measures to protect individual privacy and civil liberties interests, and offer liability protections to the private sector. Under the bill, information sharing would be voluntary, and would cover only cyberthreat information. Information could be shared among private entities, and with or by the federal government. Companies sharing information with the government generally must do so only through a Department of Homeland Security portal established by the bill. The government could use shared data only for cybersecurity purposes.
The bill also would prohibit the use of “offensive countermeasures” and destructive activities. Only “defensive measures” would be authorized for a company’s own computer networks and others’ networks with consent.
Under the bill, before sharing cyberthreat information, companies must remove personally identifying consumer information.