US cyber security Bill approved


A Bill to let US spy agencies share intelligence on cyber threats with private companies was backed by a House of Representatives intelligence panel yesterday.

In a 17-1 vote, the Permanent Select Committee on Intelligence approved the legislation that would expand a pilot Pentagon programme for sharing classified and sensitive threat information with defence contractors and their Internet service providers.

Under the measure, a longer list of companies would be eligible for access to classified data from the National Security Agency and other agencies.

The Bill was amended to expand privacy protections for data that companies give the government, including, potentially, data that Internet providers give about their customers. That data could be used only for cyber or national security, according to the amendment.

Some critics have worried that this type of sharing arrangement amounts to government surveillance of private data.

The government would also be barred from searching collected data except to secure cyber networks from attack.
“Through hard work and compromise we have struck a delicate balance that provides strong protections for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks,” representative Mike Rogers, chairman of the committee, said in a statement.

There has been widespread and growing concern about incursions into US networks by hackers determined to steal everything from state secrets to credit card numbers.

Defence contractors like Lockheed Martin have been among the high-profile victims of cyber attacks. Others include Google and Citigroup.

Sponsors of the Bill envision, for example, that NSA would share with Internet service providers information identifying specific threats so that the ISP can then block traffic to customers from that source.

Internet service providers and other companies have long complained that they give information to the US government about potential cyber threats but often do not find it a two-way street. They say the government has been reluctant to reciprocate because the information is either classified or part of an investigation linked to a potential prosecution.

It was not immediately clear how the legislation would fare in either the Republican-controlled House or the Democratic-controlled Senate.