House Intelligence Committee Chairman Devin Nunes (R-Calif.) and ranking member Adam Schiff (D-Calif.) on Thursday said they still expect Congress this year to agree on a bill that incentivizes more voluntary sharing of information between the private sector and federal government on cyber threats.
The House this year has already passed two cyber threat information sharing bills but so far the Senate hasn’t brought its own bill to the floor.
“I’m optimistic” about a cyber bill being approved by Congress this year, Schiff said at a cyber security conference hosted by the Washington Post. “It’s on a very short list of things we think we can get done this year,” adding that legislation in the Senate is similar to what the House has passed “so prospects are good.”
Nunes, appearing along side Schiff, said the House and Senate are “very close to an agreement” for wrapping up a cyber bill. Just as the legislation has enjoyed wide support in the House, he believes the Senate will pass a bill with “overwhelming” support.
However, Nunes said, “if we don’t get something done this year I think both Adam and I will have a real problem with it.”
Nunes said that the key to improving the private sector’s willingness to share data about cyber threats found on company networks is the limited liability protections contained in the bills. Schiff said the House bills essentially broaden an existing information sharing model that exists between the Defense Department and the industrial base that supports it.
The Defense Industrial Base Cybersecurity and Information Assurance (DIB CS/IA) program was established permanently in 2013. Under the DIB CS/IA program the DoD and industry share unclassified and classified threat information with each other and among the private sector participants as well.
Private sector participants in the DIB program may also voluntarily participate in an optional component of the program with the Department of Homeland Security (DHS). The DHS Enhanced Cybersecurity Services program is a DHS-led effort to protect critical infrastructure in the United States.