* Bill seeks to increase sharing of cyber threat data
* Sponsors say legislation addresses privacy concerns
(Updates with White House comment)
By Tabassum Zakaria and Diane Bartz
WASHINGTON, Nov 30 - U.S. lawmakers on Wednesday
proposed fighting the cyber threat that is taking a toll on
American companies by allowing spy agencies to share threat
intelligence with private firms.
Representative Mike Rogers, the Republican chairman of the
U.S. House of Representatives intelligence committee, and the
panel's senior Democrat, Representative C.A. "Dutch"
Ruppersberger, announced legislation to protect U.S. firms from
cyber attacks by foreign countries and individual hackers by
allowing information-sharing with agencies like the National
Security Agency.
"Our intelligence agencies collect important information
overseas about advanced foreign cyber threats that could
dramatically assist the private sector," Rogers said.
"The government needs to be able to share this threat
intelligence so that the private sector can protect its own
networks," he said at the public unveiling of the bill.
Rogers has been outspoken in accusing China of widespread
cyber espionage. An intelligence report released earlier this
month accused China and Russia of using cyber espionage to
steal U.S. trade and technology secrets.
"North Korea just attacked a major banking system in South
Korea. That can happen today in the United States of America,"
Ruppersberger said.
"We will have a catastrophic attack within the next year,
whether it's attacking a banking system, a grid system, this is
going to happen and we have to make sure that we protect
ourselves," he said.
The legislation aims to expand to the broader private
sector the theme of a pilot Pentagon program for sharing
classified and sensitive threat information with defense
contractors and their internet service providers.
Defense contractors like Lockheed Martin Corp (LMT.N) have
been among the high-profile victims of cyberattacks. Others
include Google (GOOG.O) and Citigroup (C.N).
Sponsors of the bill envision, for example, that NSA would
share with internet service providers information about the
different types of cyber threats that the intelligence agency
has detected so that the ISP can then block traffic to its
customers from anything with that signature.
TWO-WAY STREET
Internet service providers and other companies have long
complained that they give information to the U.S. government
about potential cyber threats but often do not find it a
two-way street. They say the government is reluctant to
reciprocate because the information is either classified or
part of an investigation linked to a potential prosecution.
Some critics worry this type of sharing arrangement
amounts to government surveillance of private data.
The bill would require a review to ensure the protection of
privacy and civil liberties, the lawmakers said. It also offers
protections from frivolous lawsuits to companies who shared
cyber threat information with the government, they said.
At this early stage it was unclear how the legislation would
fare in getting through the Republican-controlled House and the
Democratic-controlled Senate before landing on President Barack
Obama's desk to be signed into law.
The White House said it was reviewing the bill but raised
some initial concerns that it fell short of privacy protections
in the administration's own proposal released in May.
"The administration strongly believes that we need to make
sure that any legislation put forward sufficiently protects
U.S. citizens' personal information and privacy," Caitlin
Hayden, National Security Council spokeswoman, said.
"Also, we believe that the inclusion of generous liability
and antitrust protections could limit the government's ability
to protect citizens and hold corporations accountable," she
said.
Stewart Baker, a former Homeland Security official who is
now a partner with the Steptoe & Johnson law firm, said,
"What's new is that the self-protected entity can share that
information with the federal government. That's new because
there are provisions of law that prevent ISPs from sharing
subscriber information with the federal government."
But he was concerned that measures in the bill that would
relieve companies of liability once they shared data with the
government might be too broad.
(Writing by Tabassum Zakaria; Editing by Bill Trott and
Cynthia Osterman)