Connect with us

Hi, what are you looking for?



House Intelligence Committee Introduces Cyber-Threat Sharing Bill

The House Intelligence Committee introduced legislation Tuesday to provide liability protection for companies that share threat intelligence information with one another or the federal government.

The House Intelligence Committee introduced legislation Tuesday to provide liability protection for companies that share threat intelligence information with one another or the federal government.

The bill deals only with the voluntary sharing of cyber-threat indicators by the private sector, and requires companies remove personal information before any data is shared. It also limits the private-to-private and private-to-government information sharing to cyber-threat indicators and defensive measures meant to combat a threat. The legislation does not permit the sharing of information for non-cyber purposes, and imposes restrictions on the use, storage and searching of any data voluntarily shared with the government.

The committee is expected to vote on the legislation Thursday. If it successfully passes, it would likely be sent to the full House for a vote in late April, according to Reuters.

“We cannot continue to allow outdated laws to be the barriers to solutions,” said Cybersecurity Subcommittee Chairman Lynn Westmoreland (R-GA), in a statement. “The Protecting Cyber Networks Act enhances our cybersecurity by allowing information sharing on imminent cyber threats between the private and public sectors, and by ensuring that personally identifiable information is not compromised during the process. When we empower American businesses and citizens to work together, we can fight back against hackers and cyberterrorists for the good of our nation and all its people.”

A similar bill, the Cybersecurity Information Sharing Act (CISA), was recently approved by the Senate Intelligence Committee.

Dave Meltzer, chief research officer at Tripwire, said the security industry has spent the past several years building up the technology to make the sharing of cyber-threat data possible. To really make implementing that a reality however will take legislation, he said.

“Corporations need to be protected when they share intelligence outbound from liability, and this bill covers that, and the government needs to have the directive to share that intelligence they receive, and intelligence generated inside the government, back out to the private sector, which is also covered,” he said. “It would be a shame if privacy concerns, which are really about future unintended consequences of this legislation than the reality to the actual cyber-threat indicators being shared today, torpedo these key parts of the legislation that are positive and needed to move our nation’s cyber-security forward. I hope the privacy concerns can and have been adequately addressed in the latest amendments, so that our Congress can come together to move this legislation forward quickly.”

Advertisement. Scroll to continue reading.

Subcommittee Ranking Member Jim Himes (D-Conn.) called the legislation an important step.

“Experts from all corners agree that a balanced cyber information sharing bill is a critical next step in securing our networks, preserving our privacy and safeguarding against the kinds of cyber-attacks we’ve seen against Anthem, Target and Home Depot,” he said in a statement. “This legislation marks an important step and I look forward to working with my colleagues to improve the proposal as it moves forward and to ensure that Congress passes a comprehensive cybersecurity bill this year.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.