In April, the US House of Representatives passed two pieces of legislation aimed at bolstering information sharing between the government and the private sector. If signed into law, the “Protecting Cyber Networks Act” and the “National Cybersecurity Protection Advancement Act” would strengthen liability protections for corporations who share cyber threat data with the government.
Both bills aim to encourage companies to keep one another informed about the evolving tools and techniques of advanced hackers. This will be accomplished by sharing technical data relating to cyber attacks in real-time with government intermediaries. A similar bill, the Cybersecurity Information Sharing Act, is already being prepared in the Senate and will most likely be voted on this month. The White House has publicly expressed support for these acts.
The spate of high-profile cyber attacks over the past two years has generated great momentum for the US government to enhance defenses for information security.
Until recently, the bulk of the government’s response to cyber attacks came from the executive branch. The White House began pushing for collaboration on cyber defense in 2013, ordering the National Institute of Standards and Technology to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure. For a brief period, lawmakers resolve for passing serious cybersecurity legislation was severely dampened as a result of revelations by Edward Snowden about bulk data collection by the NSA. However, in the weeks following his 2015 State of the Union address, President Obama revived discussion of cybersecurity legislation and endorsed the idea of more widespread information sharing between the US government and the private sector.
Various actors in the private sector have also warmed to the idea of greater collaboration with the government. The American Chamber of Commerce, noting that nearly 85 percent of the nation’s critical infrastructure is owned or operated by the private sector, has advocated for such companies to be actively involved in the formulation of homeland security policies. They have also sought legal and regulatory protections to enable such cooperation. Several of the biggest American software, telecommunications, and information technology firms, including AT&T, Symantec, Microsoft, IBM, and Oracle, have written letters of support for the information sharing bills before Congress.
The movement toward greater cyber defense collaboration acknowledges that the threat posed by hackers is becoming too great for any one entity to handle effectively. As legal and regulatory protections are enacted to facilitate this trend, any holdouts will undoubtedly see the cost of non-participation rise. Inaction is likely to only expose parties to negligence litigation in the event of a cyber attack.