US SB456 | 2015-2016 | 114th Congress
Status
Spectrum: Partisan Bill (Democrat 1-0)
Status: Introduced on February 11 2015 - 25% progression, died in committee
Action: 2015-02-11 - Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Pending: Senate Homeland Security And Governmental Affairs Committee
Text: Latest bill text (Introduced) [PDF]
Status: Introduced on February 11 2015 - 25% progression, died in committee
Action: 2015-02-11 - Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Pending: Senate Homeland Security And Governmental Affairs Committee
Text: Latest bill text (Introduced) [PDF]
Summary
Cyber Threat Sharing Act of 2015 Amends the Homeland Security Act of 2002 to permit private entities to: (1) disclose lawfully obtained cyber threat indicators to a private information sharing and analysis organization and the national cybersecurity and communications integration center (NCCIC); and (2) receive indicators disclosed by private entities, the federal government, or state or local governments. Permits any entity to disclose lawfully obtained indicators to a federal entity for investigative purposes consistent with the lawful authorities of the federal entity. Restricts private entities' use, retention, or further disclosure of cyber threat indicators to purposes relating to information system protection, cyber threat identification or mitigation, or crime reporting. Directs the Department of Homeland Security (DHS) to select through a competitive process a private entity to identify best practices for private information sharing and analysis organizations. Provides liability protections to entities that voluntarily share lawfully obtained indicators with: (1) the NCCIC, or (2) a private information sharing and analysis organization if the organization self-certifies that it has adopted the best practices identified by the DHS-selected private entity. Directs DHS to: (1) designate the NCCIC to receive and disclose threat indicators to federal and nonfederal entities in as close to real time as practicable, and (2) develop a program to support implementation of automated mechanisms for real time sharing. Prohibits a federal entity from using a disclosed indicator as evidence in a regulatory enforcement action against the entity that disclosed the indicator, but allows a federal entity to use disclosed indicators for regulatory enforcement if the information is received by other lawful means. Requires DHS to develop policies for federal entities to: anonymize and destroy information in a timely manner to limit the acquisition, interception, retention, use, and disclosure of indicators that are likely to identify specific persons; limit reception, use, and retention only to protect information systems or to investigate, prosecute, or otherwise respond to computer crimes, threats of death or serious bodily harm, serious threats to a minor, or attempts or conspiracies to commit such offenses; preserve confidentiality of proprietary information; and penalize federal employees who violate these policies. Repeals threat indicator sharing procedures established by this Act five years after enactment of this Act. Expresses the sense of Congress that the statement issued by the Department of Justice and the Federal Trade Commission on April 10, 2014, entitled "Antitrust Policy Statement On Sharing Of Cybersecurity Information" provides protections against antitrust concerns for the legitimate sharing of cyber threat indicators.
Title
Cyber Threat Sharing Act of 2015
Sponsors
Sen. Thomas Carper [D-DE] |
History
Date | Chamber | Action |
---|---|---|
2015-02-11 | Senate | Read twice and referred to the Committee on Homeland Security and Governmental Affairs. |
Subjects
Administrative law and regulatory procedures
Civil actions and liability
Competition and antitrust
Computer security and identity theft
Criminal investigation, prosecution, interrogation
Department of Homeland Security
Evidence and witnesses
Government ethics and transparency, public corruption
Government information and archives
Public-private cooperation
Science, technology, communications
Civil actions and liability
Competition and antitrust
Computer security and identity theft
Criminal investigation, prosecution, interrogation
Department of Homeland Security
Evidence and witnesses
Government ethics and transparency, public corruption
Government information and archives
Public-private cooperation
Science, technology, communications
US Congress State Sources
Type | Source |
---|---|
Summary | https://www.congress.gov/bill/114th-congress/senate-bill/456/all-info |
Text | https://www.congress.gov/114/bills/s456/BILLS-114s456is.pdf |