The president of the United States has been asking for this for years. Companies have been connecting more and more on it, and industry groups have been advocating it for a long time.
On April 22, Congress finally made notable progress when the House of Representatives passed the Protecting Cyber Networks Act, which would make it faster and easier for enterprises to share information about cyber-security threats with each other and the government without fear of lawsuits. Lawyers were the main losers here.
The vote was 307-to-116. There were 202 in-favor votes from Republicans and 105 from Democrats.
Senate Expected to Pass It
The legislation still must be approved by the Senate before it can be sent to President Barack Obama to sign into law.
A similar measure passed by a 14-to-1 vote in the Senate Intelligence Committee. Supporters say they expect strong bipartisan support in the full Senate as well when it considers the bill later this spring.
Several previous bills addressing the issue had failed, partly because of concerns that they might lead to more of the surveillance exposed two years ago by former National Security Agency contractor Edward Snowden.
However, a series of high-profile cyber-attacks in recent months on Sony Pictures Entertainment, Target, Home Depot and other corporations helped push it along.
“At some point, we need to stop talking about the next Sony, the next Anthem, the next Target, the next JP Morgan Chase and the next State Department hack, and actually pass a bill that will help ensure that there will be no next cyber-attack,” Representative Adam Schiff, the top Democrat on the House Intelligence Committee, told Reuters.
Key Topic at RSA Security Conference
The new bill was also a topic of brief conversation in a privacy panel at the RSA conference.
“It feels like a continuation of the conversation rather than a new start,” Brendan Lynch, chief privacy officer at Microsoft, said. “One of the benefits of the dialogue is to get something solid on the books that appropriately balances innovation and privacy.”
“I think it’s an important model and brings new ideas into the conversation,” said Erin Egan, chief privacy officer at Facebook. “It has a whole accountability framework to it.”
Paul Kurtz, CEO of TruSTAR and an ex-special assistant to the president on the White House’s Homeland Security Council, said: “Congress realizes that information sharing is critical to the security of our networks. No company can fight the bad guys alone. Now we can work together without concern over legal repercussions.
“This alone is not sufficient, though, as companies still fear market and reputational fallout from sharing. This can only be solved by enabling enterprises to share with anonymity. But, no doubt, Congress made a significant step forward today.”
Corporations have been clamoring for Congress to act for several years. The U.S. Chamber of Commerce sent a letter to every member of the House earlier April 22 urging support of the bill.
President Probably Will Sign It
The Obama administration said it had some concerns about the bill but supported its passage and believed it could be fixed as the legislation is finalized in Congress.
Privacy advocates are not pleased with the legislation. “These bills do little to protect the Internet, but rather reward companies who undermine the privacy of their customers,” said Nathan White, senior legislative manager at the advocacy group Access Now.
The House is due to debate a second cyber-security bill, the National Cyber Security Protection Advancement Act of 2015, on April 23. That bill would use the U.S. Department of Homeland Security as an intermediary for sharing the electronic information.
eWEEK Senior Editor Sean Michael Kerner and the Reuters news service contributed to this story.