New legislation would encourage the U.S. government and companies to share information about cyber security threats and hacker attacks.
The measure, unveiled by House Intelligence Committee Chairman Mike Rogers, would shield companies from lawsuits and public disclosure requirements when they inform federal agencies about their security vulnerabilities and the type of cyber attacks they experienced.
“There is an economic cyberwar going on today against U.S. companies,” said Rogers, a Michigan Republican. “Economic predators, including nation-states, are blatantly stealing business secrets and innovation from private companies. This cyber security bill goes a long way in helping American businesses better protect their networks and their intellectual property.”
U.S. lawmakers have increased scrutiny of network security in the wake of hacking incidents at companies including Sony Corp. and Citigroup Inc. The National Counterintelligence Executive said this month that hackers and illicit programmers are pursuing American industrial secrets, jeopardizing an estimated $398 billion in U.S. research.
Rogers has accused the Chinese government of launching attacks, saying at a hearing last month that attacks from China have reached an “intolerable level.”
Under the bill, companies would get protection from civil or criminal lawsuits for “acting in good faith” to inform the government hackers have attacked their computer systems or compromised people’s personal information.
Internet-service providers, including AT&T Inc. and Comcast Corp., may have to create a voluntary industry standard for fighting computer viruses known as botnets under a proposal from U.S. regulators. The Homeland Security and Commerce departments have said they may give companies protections from lawsuits when they develop that standard.
Rogers wrote the bill along with the committee’s top Democrat, C. A. “Dutch” Ruppersberger of Maryland. It doesn’t require companies to report their cyber security vulnerabilities to the government or tell businesses which agencies to contact.
Information that companies provide to the government would be exempt from Freedom of Information Act requests and the government could not use it for mandating regulations, according to the bill.