Washington DC Message Boards

Protecting Cyberspace as a National Asset Act


Guest LAW


Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Ranking Member Susan Collins, R-Me., and Federal Financial Management Subcommittee Chairman Tom Carper, D-De., Thursday introduced comprehensive legislation to modernize, strengthen, and coordinate the security of federal civilian and select private sector critical infrastructure cyber networks.

 

The Protecting Cyberspace as a National Asset Act of 2010, S.3480, would create an Office of Cyber Policy in the White House with a director accountable to the public who would lead all federal cyberspace efforts and devise national cyberspace strategy. A National Center for Cybersecurity and Communications within the Department of Homeland Security, also led by a director accountable to the public, would enforce cybersecurity policies throughout the government and the private sector. The bill would also establish a public/private partnership to set national cyber security priorities and improve national cyber security defenses.

 

The Committee will hold a hearing on the legislation June 15, 2010.

"The Internet may have started out as a communications oddity some 40 years ago but it is now a necessity of modern life, and sadly one that is under constant attack," said Lieberman. "It must be secured – and today, Senators Collins, Carper, and I have introduced a bill which we believe will do just that. The Protecting Cyberspace as a National Asset Act of 2010 is designed to bring together the disjointed efforts of multiple federal agencies and departments to prevent cyber theft, intrusions, and attacks across the federal government and the private sector. The bill would establish a clear organizational structure to lead federal efforts in safeguarding cyber networks. And it would build a public/private partnership to increase the preparedness and resiliency of those private critical infrastructure cyber networks upon which our way of life depends.

 

"For all of its 'user-friendly' allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets. Our economic security, national security and public safety are now all at risk from new kinds of enemies -- cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.

 

"The need for this legislation is obvious and urgent."

 

Collins said: "As our national and global economies become ever more intertwined, cyber terrorists have greater potential to attack high-value targets. From anywhere in the world, they could disrupt telecommunications systems, shut down electric power grids, and freeze financial markets. With sufficient know-how, they could cause billions of dollars in damage and put thousands of lives in jeopardy. We cannot afford to wait for a "cyber 9/11" before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities, and mitigating the consequences of penetrations of our networks.

 

"Yet, for too long, our approach to cyber security has been disjointed and uncoordinated. Our vital legislation would fortify the government's efforts to safeguard America's cyber networks from attack. This bill would build a public/private partnership to promote national cyber security priorities and help prevent and respond to cyber attacks."

 

Carper said: "Over the past few decades, our society has become increasingly dependent on the internet, including our military, government, and businesses of all kinds. While we have reaped enormous benefits from this powerful technology, unfortunately our enemies have identified cyber space as an ideal 21st century battlefield. We have to take steps now to modernize our approach to protecting this valuable, but vulnerable, resource. This legislation is a vital tool that America needs to better protect cyber space. It encourages the government and the private sector to work together to address this growing threat and provides the tools and resources for America to be successful in this critical effort."

 

Key elements of the legislation include:

 

1. Creation of an Office of Cyberspace Policy in the Executive Office of the President run by a Senate-confirmed Director, who will advise the President on all cybersecurity matters. The Director will lead and harmonize federal efforts to secure cyberspace and will develop a national strategy that incorporates all elements of cyberspace policy, including military, law enforcement, intelligence, and diplomatic. The Director will oversee all related federal cyberspace activities to ensure efficiency and coordination.

 

2. Creation of a National Center for Cybersecurity and Communications (NCCC) at the Department of Homeland Security (DHS) to elevate and strengthen the Department's cyber security capabilities and authorities. The Director will regularly advise the President on efforts to secure federal networks. The NCCC will be led by a Senate-confirmed Director, who will report to the Secretary. The NCCC will include the United States Computer Emergency Response Team (US-CERT), and will lead federal efforts to protect public and private sector cyber and communications networks.

 

3. Updates the Federal Information Security Management Act (FISMA) to modernize federal agencies' practices of protecting their internal networks and systems. With strong leadership from DHS, these reforms will allow agencies to move away from the system of after-the-fact paperwork compliance to real-time monitoring to secure critical systems.

 

4. Requiring the NCCC to work with the private sector to establish risk-based security requirements that strengthen cyber security for the nation's most critical infrastructure that, if disrupted, would result in a national or regional catastrophe.

 

5. Requiring covered critical infrastructure to report significant breaches to the NCCC to ensure the federal government has a complete picture of the security of these sensitive networks. The NCCC must share information, including threat analysis, with owners and operators regarding risks to their networks. The Act will provide specified liability protections to owners/operators that comply with the new risk-based security requirements.

6. Creation of a responsible framework, developed in coordination with the private sector, for the President to authorize emergency measures to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited. The President must notify Congress in advance before exercising these emergency powers. Any emergency measures imposed must be the least disruptive necessary to respond to the threat and will expire after 30 days unless the President extends them. The bill authorizes no new surveillance authorities and does not authorize the government to "take over" private networks.

7. Development of a comprehensive supply chain risk management strategy to address risks and threats to the information technology products and services the federal government relies upon. This strategy will allow agencies to make informed decisions when purchasing IT products and services.

8. Requiring the Office of Personnel Management to reform the way cyber security personnel are recruited, hired, and trained to ensure that the federal government has the talent necessary to lead the national cyber security effort and protect its own networks.


THE PROTECTING CYBERSPACE AS A NATIONAL ASSET ACT OF 2010

Homeland Security and Governmental Affairs Committee

Chairman Joe Lieberman

Ranking Member Susan Collins

Senator Thomas Carper

 

The Protecting Cyberspace as a National Asset Act of 2010 – introduced by Senators Lieberman, Collins, and Carper – will modernize the government's ability to safeguard the nation's cyber networks from attack and will establish a public/private partnership to set national cyber security priorities and improve national cyber security defenses.

 

Significant provisions of the bill include:

 

White House Office for Cyberspace Policy: The Act establishes an office in the Executive Office of the President, run by a Senate-confirmed Director, who will advise the President on all cybersecurity matters. The Director will lead and harmonize federal efforts to secure cyberspace and will develop a national strategy that incorporates all elements of cyberspace policy, including military, law enforcement, intelligence, and diplomatic. The Director will oversee all related federal cyberspace activities to ensure efficiency and coordination. The Director will report regularly to Congress to ensure transparency and oversight.

 

National Center for Cybersecurity and Communications: The Act establishes the National Center for Cybersecurity and Communications (NCCC) at the Department of Homeland Security (DHS) to elevate and strengthen the Department's cyber security capabilities and authorities. The NCCC will be led by a Senate-confirmed Director, who will report to the Secretary. The Director will regularly advise the President regarding the exercise of authorities relating to the security of federal networks. The NCCC will include the United States Computer Emergency Response Team (US-CERT), and will lead federal efforts to protect public and private sector cyber and communications networks. The NCCC will detect, prevent, analyze, and warn of cyber threats to these networks.

 

Protecting Critical Infrastructure: The NCCC will work with the private sector to establish risk-based security requirements that strengthen the cyber security for the nation's most critical infrastructure, such as vital components of the electric grid, telecommunications networks, and control systems in other critical infrastructure that, if disrupted, would result in a national or regional catastrophe. Owners and operators of critical infrastructure covered under the Act could choose which security measures to implement to meet these risk-based performance requirements. Covered critical infrastructure must report significant breaches to the NCCC to ensure the federal government has a complete picture of the security of these networks. The NCCC must share information, including threat analysis, with owners and operators regarding risks to their networks. The Act will provide liability protections to owners/operators that comply with the new risk-based security requirements. The NCCC will work with other federal agencies to avoid duplication of effort and to promote efficiency.

 

Promoting Cybersecurity: The NCCC will produce and share useful warning, analysis, and threat information with the private sector, other federal agencies, state and local governments, and international partners. The NCCC will collaborate with the private sector to develop best practices for cyber security. By developing and promoting best practices and providing voluntary technical assistance as resources permit, the NCCC will help improve cyber security across the nation. Information the private sector shares with the NCCC will be protected from public disclosure, and private sector owners and operators may obtain security clearances to access information necessary to protect the IT networks the American people depend upon.

Protecting Against Catastrophic Attack: The Act will provide a responsible framework, developed in coordination with the private sector, for the President to authorize emergency measures, limited in both scope and duration, to protect the nation's most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited. The President must notify Congress in advance about the threat and the emergency measures that will be taken to mitigate it. Any emergency measures imposed must be the least disruptive necessary to respond to the threat. These emergency measures will expire after 30 days unless the President orders an extension. The bill does not authorize any new surveillance authorities, or permit the government to "take over" private networks.

 

Protection of Federal Networks: The Act will codify and strengthen DHS authorities to establish complete situational awareness for federal networks and develop tools to improve resilience of federal government systems and networks. The Act reforms the Federal Information Security Management Act (FISMA) to transition from paper-based to real-time response to threats against government systems.

 

Procurement Reform: The Act will require development of a comprehensive supply chain risk management strategy to address risks and threats to the information technology products and services the federal government relies upon. This strategy will allow agencies to make informed decisions when purchasing IT products and services. It will be implemented through the Federal Acquisition Regulation, requiring contracting officers to consider the security risks inherent in agency IT procurements. The bill would also require specific training for the federal acquisition workforce to enhance the security of federal networks.

 

Workforce Reform: The Office of Personnel Management will reform the way cyber security personnel are recruited, hired, and trained to ensure that the federal government has the talent necessary to lead the national cyber security effort and protect its own networks. The Act also provides DHS with temporary hiring and pay flexibilities to assist in the quick establishment of the NCCC.


LIEBERMAN, COLLINS, CARPER RESPOND TO MISPERCEPTIONS ABOUT THEIR CYBERSECURITY LEGISLATION

Cisco, IBM, Oracle Misread Bill on Supply Chain Risk Management

July 1, 2010

 

 

 

Mr. John T. Chambers

Chairman, President and Chief Executive Officer

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134

 

Mr. Samuel J. Palmisano

Chairman, President and Chief Executive Officer

IBM Corporation

1 New Orchard Road

Armonk, New York 10504

 

Mr. Lawrence J. Ellison

Chief Executive Officer

Oracle Corporation

500 Oracle Parkway

Redwood Shores, CA 94065

 

Dear Mr. Chambers, Mr. Palmisano, and Mr. Ellison:

 

On June 24, 2010, your companies wrote to us concerning the Protecting Cyberspace as a National Asset Act, S. 3480. We introduced this bill on June 10, and it was favorably reported out of the Homeland Security and Governmental Affairs Committee on June 24 by a unanimous voice vote. This legislation is informed by years of oversight by this Committee and is the result of more than a year of drafting. Our staff spent considerable time working with industry representatives – including representatives from your companies – and the bill, as reported, addresses many of the concerns your companies raised during that time.

 

We hope that the information provided below will address some of the concerns and misconceptions you have about the bill and its scope.

 

Section 253. In your letter, you state that developing and implementing a supply chain risk management strategy for federal information technology procurement would "in effect, regulate the information technology sector." This statement is simply not supported by the text of the bill.

 

As an initial matter, requiring a strategy on supply chain security for federal information technology procurements – which will be developed in consultation with numerous agencies, councils, and the private sector – would not regulate the information technology sector writ large. Rather, this section directs the Federal Acquisition Regulatory Council (FAR Council) to use its existing authority over federal government procurements to implement the strategy, in much the same way as efforts already under way at the Department of Defense and Department of Homeland Security (DHS) as part of Initiative 11 of the Comprehensive National Cybersecurity Initiative (CNCI).

 

Homeland Security Presidential Directive-23 explained the need for supply chain risk management for government information technology procurements:

 

"Globalization of the commercial information and communications technology marketplace provides increased opportunities for those intent on harming the United States by penetrating the supply chain to gain unauthorized access to data, alter data, or interrupt communications. Risks stemming from both the domestic and globalized supply chain must be managed in a strategic and comprehensive way over the entire lifecycle of products, systems and services. Managing this risk will require a greater awareness of the threats, vulnerabilities, and consequences associated with acquisition decisions; the development and employment of tools and resources to technically and operationally mitigate risk across the lifecycle of products (from design through retirement); the development of new acquisition policies and practices that reflect the complex global marketplace; and partnership with industry to develop and adopt supply chain and risk management standards and best practices."

 

We agree with this assessment, which is why section 253 creates a responsible, flexible, and comprehensive approach, in partnership with industry, to ensure that we have greater security built into critical federal networks and systems. We also believe that developing a single, unified, approach to this problem will be less burdensome for industry than myriad agency policies developed ad hoc.

 

Moreover, to ensure that this section does not place an unnecessary burden on industry, the bill requires the strategy "to the maximum extent practicable, promote the ability of federal agencies to procure authentic commercial off the shelf information and communications technology products and services from a diverse pool of suppliers." This is further echoed in the requirement in subsection (d) that the strategy "be consistent with the preferences for the acquisition of commercial items under section 2377 of title 10, United States Code, and section 314B of the Federal Property and Administrative Services Act of 1949 (41 U.S.C. 264b)." On numerous occasions, your companies have expressed the belief that industry is taking sufficient steps to protect its supply chain and guarantee software assurance. Thus, the strategy should be consistent with the internal practices of most IT companies that do business with the federal government.

 

Your letter also raises concerns that Section 253 would require "all purchases by the government . . . to meet standards approved by NIST." But this requirement is not new; the National Institute of Standards and Technology (NIST) has had responsibility for some time in "develop[ing] standards and guidelines, including minimum requirements, for information systems used or operated by an agency or by a contractor of an agency." Only recently has the federal government begun to leverage NIST's unique relationship with the private sector to help develop interoperable standards that will allow both vendors and agencies to come together and define what "secure" really means. In fact, in July 2007, OMB issued a memorandum to require information technology providers to use the Secure Content Automated Protocol – a technology-neutral, interoperable standard developed by NIST – to certify that their products would not unintentionally alter network security configurations. As such, your concern seems directed at current law and practice – not this provision, which supports NIST's important, ongoing work in this area.

 

Your letter also expresses concern that Section 253 will undermine the Common Criteria and suggests that instead the "Common Criteria should be reviewed and improved upon, so as to improve its weaknesses without losing its strengths." But your objections, again, are not supported by the text, as section 253 both incorporates international standards and provides a mechanism for recommending improvements where the standards are deficient. Section 253 explicitly requires that the strategy place particular emphasis on "the use of internationally-recognized standards and standards developed by the private sector and develop[ment of] a process, with the NIST, to make recommendations for improvements of the standards." Indeed, this provision was based largely on language recommended by your representatives.

 

Your letter also asserts that "the expertise in this area does not currently reside at DHS, the agency granted regulatory authority under the bill." First, as we noted above, the strategy is not regulatory in nature, as any change to existing procurement regulations will be done by the FAR Council using existing notice and comment procedures. Second, the statement reflects a misreading of the bill – the strategy is not a DHS product; rather, it will be the result of a broad inter-agency effort, as well as a partnership with the private sector, that will be led, but not dictated, by DHS.

Third, and more fundamentally, the responsibility for protecting the American people from a large-scale domestic attack – in any form – is at the heart of DHS's mission. It has responsibility for securing our nation's critical infrastructure, and for protecting the government's "dot-gov" domain. Quite simply, no other agency is as well-positioned as DHS to lead the cooperative effort set forth by Section 253. Any effort to secure our civilian government systems and our critical cyber infrastructure must leverage the mission and resources of DHS – doing otherwise would waste taxpayer resources on duplicative efforts at other agencies and exacerbate coordination challenges. DHS is already the department within the federal government building partnerships with the private sector to secure our critical infrastructure and key resources, and Section 253 builds on that responsibility and capability.

 

Lastly, this section of the letter expressed concern that our bill would "circumvent" the authority of the National Security Staff's Cybersecurity Coordinator. We appreciate your expression of support for the concept of an overall federal coordinator for cybersecurity, and assure you that nothing in our bill will undermine the authority of such an office. Instead, it would ensure that the Director has sufficient authority to set strategy and policy, oversee its implementation, and resolve inter-agency disputes, including in the development of the strategy that Section 253 would mandate. Our bill would also ensure that the Congress and the public (including industry) have full insight into the activities of the White House office.

 

Section 242. Our legislation, as your letter notes, creates a National Center for Cybersecurity and Communications (NCCC) within the DHS to elevate our nation's focus on the security of civilian government systems and vulnerable private sector networks, especially those that are most critical to our nation's welfare. The NCCC will serve as a partner with the private sector, relying on voluntary information sharing programs to gain a better understanding of the risk our nation faces from cyber threats. Your letter is correct that the responsibility of the NCCC would include "assist[ing] in the identification, remediation, and mitigation of vulnerabilities to . . . the national information infrastructure."

 

Among other ways, the NCCC would do so by promoting risk-based best practices established under Section 247 of the new law – best practices developed in consultation with the private sector and based to the maximum extent possible on existing private sector standards. The NCCC – at the request of the private sector – would be available to provide voluntary technical assistance. The programs our bill would establish at the NCCC would form the foundation for a collaborative relationship with the private sector – a relationship built on trust and interaction versus overly burdensome top-down regulatory mandates.

 

By working in partnership and voluntarily sharing information with the private sector, the NCCC will have a better understanding of the threats and vulnerabilities our nation faces in cyberspace, "situational awareness" of our nation's cybersecurity posture. In your remarks on the NCCC's responsibility to develop this "situational awareness," your letter asserts, incorrectly, that the bill would lead to the "deployment of government monitoring devices on private networks."

 

It is extremely misleading to argue that our legislation would grant the NCCC any authority to monitor or compel the production of information from the private sector. Indeed, the legislation expressly states – in numerous places – that it would grant no authority to the federal government to conduct surveillance on private networks or compel the production of information. Indeed, in the very section (Sec. 242(f)(1)(C)) cited in your letter regarding "dynamic, comprehensive, and continuous situational awareness of the security status of . . . the national information infrastructure," our legislation makes clear that the NCCC's analysis will be based on "sharing and integrating classified and unclassified information . . . on a routine and continuous basis" with several federal cyber operations centers and the private sector. Moreover, as it relates to the private sector, that section explicitly states that information will be shared with the NCCC from "any non-Federal entity, including, where appropriate, information sharing and analysis centers, identified by the Director, with the concurrence of the owner or operator of that entity and consistent with applicable law." (Emphasis added). Indeed, our legislation carefully distinguishes between the "situational awareness" required under Section 242(f)(1)(C) and the "automated and continuous monitoring" that would be required for federal networks under Title III. It is simply incongruous to interpret section 242, as your letter does, as an authorization to deploy "government monitoring devices on private networks."

 

Section 248(b). The assertion in your letter that the regulatory authority in Section 248(b) is "apparently unbounded" is equally without merit. Quite to the contrary, our bill specifies that only those systems or assets whose disruption would cause a national or regional catastrophe could be subject to the bill's mandatory risk-based security performance requirements. To qualify as a national or regional catastrophe, the disruption of the system or asset would have to cause:

 

• mass casualties with an extraordinary number of fatalities;

• severe economic consequences;

• mass evacuations of prolonged duration; or

• severe degradation of national security capabilities, including intelligence and defense functions.

 

Thus, the bill sets up a process that clearly defines – and limits – the systems and assets that the Secretary of Homeland Security can identify as covered critical infrastructure.

 

Owners/operators who believe their systems and assets were erroneously identified as covered critical infrastructure will have an opportunity to appeal their coverage through administrative procedures. This will help ensure that only our nation's most critical systems or assets are covered by the risk-based security performance requirements in Section 248. Thus, we do not believe that the scope of covered critical infrastructure is overly broad, and it is simply wrong to claim that the reach of the section is "unbounded." In devising its regulatory structure, our bill appropriately seeks to protect against the most catastrophic risks to our country.

 

In implementing risk-based security performance requirements, the legislation also builds in flexibility for the owners and operators of covered critical infrastructure. The risk-based security performance requirements applicable to covered critical infrastructure would be developed in collaboration with the private sector and sector-specific agencies. These performance requirements would be targeted only at cyber risks to specific systems or assets that "if exploited or not mitigated, could pose a significant risk of disruption to the operation of information infrastructure essential to the reliable operation of covered critical infrastructure." Moreover, owners and operators would have the ability to choose the security measures that are right for their own systems and networks – so long as they meet the minimum performance requirements applicable to these high-risk systems and assets. In addition to this flexibility, the legislation would provide important incentives for complying with the risk-based security performance requirements – liability limitations for specified civil actions.

 

Your input on this important legislation is important to our Committee, and both our staff and yours have invested considerable time in this process. While we find the mischaracterizations of our bill in your letter inaccurate and disappointing, we welcome further discussion and hope that we can engage in a constructive dialogue going forward.


Guest HUMAN

It is Cyber-Warfare in its infancy. The internet keeps on devolving LOL, but it's true.

 

Though there are some in this field who would love to be on the offensive. To be on the defensive is so restrictive "The tech community is getting very hungry, and they want some food".

 

You are at this long enough and you can see it coming. Just look at all the cyber warfare centers that they are building all over the place.

 

Though I would love to know how law stumbled onto this subject, when she clearly has no idea on what she is pasting about.

 

--------------------------------------------------------------------------------------------

Is the Perfect Citizen Program an intrusion by the NSA into domestic affairs or an important program to combat an emerging security threat that only the NSA is equipped to provide?


Online world war can be viewed in the following four dimensions:

 

First, information infrastructure, that is, the network computer and communications facilities, including wired and wireless communications facilities, communications satellites, computers and other hardware devices;

 

Second, basic software systems, including operating systems, network protocols, domain name resolution, etc.;

 

Third, application software systems, including financial, power, transportation, administrative, military and other aspects of the software system;

 

Fourth, the information itself, the network flow for all of the information.

 

Strictly speaking, the information infrastructure to combat should be classified as a broad network of warfare, it is the network operations for the foundation. National and regional networks in the definition of the concept of war has not fully integrated into the network of information infrastructure, the scope of warfare, but modern war breaks out, blow on the information infrastructure is first.

 

The United States has the world's most powerful conventional combat forces, its global deployment situation, the global reach of the capacity, enabling the military to accurately attack the information infrastructure to achieve the purpose of destroying or paralysis. Targets, including computer centers, communication centers, network nodes, communication satellites. U.S. electronic warfare capability strong enough to interfere with key wireless and satellite communications, causing the network circuit. Use of electromagnetic pulse bomb is simple and straightforward. U.S. troops hold the computer equipment, communications equipment and other electronic products, the core secrets, start possible through the command chip built-in procedure, either self-destruct or "defection", are easy. Injected through wireless technology, proprietary networks spared. To destroy or paralyze the power systems also enable network interrupts.

 

Don't just focus on China. Compared with the United States, Russia's electronic warfare capability is more sophisticated. Russian technical experts are developing weapons of all kinds of computer viruses, especially the "long-distance wireless into the virus weapons," the enemy's command and control system can direct threat. Although Russia does advocate the development of a network warfare treaty, the network is not as offensive weapons, nuclear, biological and chemical weapons as a direct threat to human life, it is basically impossible after the outbreak of war to be subject to any form of treaty.

 

Computer chips, operating systems, network protocols, routing, domain name resolution, are the vast majority of most countries and regions based on network operation, most of them have marked the "American" label. Because the most understanding of the system loopholes, even "creating" the loopholes out of the United States to attack or control the use of loopholes in the implementation of the capacity of the world. Control of the world's 13 domain name root server 10 sets, the United States qualified to "ban" a national network. Although the United States repeatedly emphasized the risks that exist on the network, continually playing a variety of computer networks for the U.S. attacks, but, through years of development and network offense and defense in actual combat and training, whether the stability of network operation, reliability and safety, or exercise out the level of qualified personnel to cultivate awareness of levels of network security in the United States rather than other countries.


Guest Widow's Son

The U.S. defense system has over 700 million computers and operates 15,000 computer networks, including the Navy network, Air Force network, the Army network, logistics network, simulation Internet, cruise network, medical net, Congressional networks, and too many more to list. In addition, 95% of the U.S. Department of Defense data communication uses the public telephone system. Therefore, this Act is of great importance to protect us from a deadly network attack.


  • 1 year later...
Guest Congressman Gary Miller

Every day, U.S. companies are being targeted by foreign hackers seeking to steal proprietary information and data. These cyber threats undermine U.S. competitiveness and cost American jobs. While the federal government has classified cyber threat intelligence that could help the private sector defend its networks, there are significant obstacles that hinder the sharing of that critical information. On Thursday the House passed legislation to enable the government to share this information with private sector companies that voluntarily choose to receive the proper clearances to access this information. The bill does not require companies to participate, nor does it require participating firms to share information with the government. In addition, the bill strictly limits the usage of information passed along to the government by the private sector. During consideration of the legislation, a number of amendments were adopted to strengthen the bill’s civil liberties and privacy protections and to ensure that information shared under the bill would only be used to protect U.S. cybersecurity. Furthermore, an amendment to sunset the bill’s provisions after five years was passed, ensuring that Congress will have to review the program’s performance before it may be extended. Congressman Miller will continue working to protect the security of our country’s electronic infrastructure, which is vital to our 21st century economy, without compromising Americans’ civil liberties.

