US SB456 | 2015-2016 | 114th Congress

Status

Spectrum: Partisan Bill (Democrat 1-0)
Status: Introduced on February 11 2015 - 25% progression, died in committee
Action: 2015-02-11 - Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
Pending: Senate Homeland Security And Governmental Affairs Committee
Text: Latest bill text (Introduced) [PDF]

Summary

Cyber Threat Sharing Act of 2015 Amends the Homeland Security Act of 2002 to permit private entities to: (1) disclose lawfully obtained cyber threat indicators to a private information sharing and analysis organization and the national cybersecurity and communications integration center (NCCIC); and (2) receive indicators disclosed by private entities, the federal government, or state or local governments. Permits any entity to disclose lawfully obtained indicators to a federal entity for investigative purposes consistent with the lawful authorities of the federal entity. Restricts private entities' use, retention, or further disclosure of cyber threat indicators to purposes relating to information system protection, cyber threat identification or mitigation, or crime reporting. Directs the Department of Homeland Security (DHS) to select through a competitive process a private entity to identify best practices for private information sharing and analysis organizations. Provides liability protections to entities that voluntarily share lawfully obtained indicators with: (1) the NCCIC, or (2) a private information sharing and analysis organization if the organization self-certifies that it has adopted the best practices identified by the DHS-selected private entity. Directs DHS to: (1) designate the NCCIC to receive and disclose threat indicators to federal and nonfederal entities in as close to real time as practicable, and (2) develop a program to support implementation of automated mechanisms for real time sharing. Prohibits a federal entity from using a disclosed indicator as evidence in a regulatory enforcement action against the entity that disclosed the indicator, but allows a federal entity to use disclosed indicators for regulatory enforcement if the information is received by other lawful means. Requires DHS to develop policies for federal entities to: anonymize and destroy information in a timely manner to limit the acquisition, interception, retention, use, and disclosure of indicators that are likely to identify specific persons; limit reception, use, and retention only to protect information systems or to investigate, prosecute, or otherwise respond to computer crimes, threats of death or serious bodily harm, serious threats to a minor, or attempts or conspiracies to commit such offenses; preserve confidentiality of proprietary information; and penalize federal employees who violate these policies. Repeals threat indicator sharing procedures established by this Act five years after enactment of this Act. Expresses the sense of Congress that the statement issued by the Department of Justice and the Federal Trade Commission on April 10, 2014, entitled "Antitrust Policy Statement On Sharing Of Cybersecurity Information" provides protections against antitrust concerns for the legitimate sharing of cyber threat indicators.

Tracking Information

Register now for our free OneVote public service or GAITS Pro trial account and you can begin tracking this and other legislation, all driven by the real-time data of the LegiScan API. Providing tools allowing you to research pending legislation, stay informed with email alerts, content feeds, and share dynamic reports. Use our new PolitiCorps to join with friends and collegaues to monitor & discuss bills through the process.

Monitor Legislation or view this same bill number from multiple sessions or take advantage of our national legislative search.

Title

Cyber Threat Sharing Act of 2015

Sponsors


History

DateChamberAction
2015-02-11SenateRead twice and referred to the Committee on Homeland Security and Governmental Affairs.

Subjects


US Congress State Sources


Bill Comments

feedback