Bill > HR3523

Introduced Session

Cyber Intelligence Sharing and Protection Act - Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. Defines "cyber threat intelligence" as information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from: (1) efforts to degrade, disrupt, or destroy such system or network; or (2) theft or misappropriation of private or government information, intellectual property, or personally identifiable information. Requires the Director of National Intelligence to: (1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and utilities, and (2) encourage the sharing of such intelligence. Requires the procedures established to ensure that such intelligence is only: (1) shared with certified entities or a person with an appropriate security clearance, (2) shared consistent with the need to protect U.S. national security, and (3) used in a manner that protects such intelligence from unauthorized disclosure. Provides for guidelines for the granting of security clearance approvals to certified entities or officers or employees of such entities. Prohibits a certified entity receiving such intelligence from further disclosing the information to any entity other than another certified entity or a federal department or agency authorized to receive such intelligence. Authorizes a cybersecurity provider (a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes), with the express consent of a protected entity (an entity that contracts with a cybersecurity provider) to: (1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and (2) share cyber threat information with any other entity designated by the protected entity, including the federal government. Requires the head of a federal department or agency receiving cyber threat information to provide such information to the National Cybersecurity and Communications Integration Center of the Department of Homeland Security (DHS), and allows such department or agency head to request the Center to provide such information to another federal department or agency. Regulates the use and protection of shared information, including prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure. Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity (an entity that provides goods or services for cybersecurity purposes to itself), or a cybersecurity provider acting in good faith under the above circumstances. Allows the federal government to use shared cyber threat information: (1) for cybersecurity purposes, including the investigation of cybersecurity crimes; (2) for the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers; or (3) to protect U.S. national security. Prohibits the federal government from affirmatively searching such information for any other purpose. Provides for the protection of sensitive personal documents such as library records, tax returns and medical records. Requires a federal department or agency receiving information that is not cyber threat information to so notify the entity or provider of such information. Allows the federal government to undertake efforts to limit the impact of the sharing of such information on privacy and civil liberties. Outlines federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information. Directs the Inspector General of the Intelligence Community to submit annually to the congressional intelligence committees a review of the use of such information shared with the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns. Preempts any state statute that restricts or otherwise regulates an activity authorized by the Act. States that nothing in this Act shall be construed to: (1) provide additional authority to, or modify existing authority of, any element of the intelligence community to control or direct the cybersecurity efforts of a private-sector entity or a component of the federal government or a state, local, or tribal government; (2) limit or affect existing information sharing relationships of the federal government; or (3) provide additional authority to, or modify existing authority of, any entity to use a cybersecurity system owned or controlled by the federal government on a private-sector system or network to protect the latter system or network.

Committee Categories

Mike Rogers (R)*,  Mark Amodei (R),  Steve Austria (R),  Joe Baca (D),  Michele Bachmann (R),  Spencer Bachus (R),  Roscoe Bartlett (R),  Dan Benishek (R),  Brian Bilbray (R),  Marsha Blackburn (R),  Mary Bono Mack (R),  Madeleine Bordallo (D),  Dan Boren (D),  Leonard Boswell (D),  Mo Brooks (R),  Paul Broun (R),  Michael Burgess (R),  Ken Calvert (R),  Dave Camp (R),  Dennis Cardoza (D),  John Carter (R),  Ben Chandler (D),  Mike Coffman (R),  Tom Cole (R),  K. Michael Conaway (R),  Jim Cooper (D),  Jim Costa (D),  Rick Crawford (R),  Henry Cuellar (D),  Geoff Davis (R),  Norman Dicks (D),  Anna Eshoo (D),  Chuck Fleischmann (R),  J. Randy Forbes (R),  Trent Franks (R),  Rodney Frelinghuysen (R),  Phil Gingrey (R),  Bob Goodlatte (R),  Morgan Griffith (R),  Michael Grimm (R),  Brett Guthrie (R),  Luis Gutiérrez (D),  Ralph Hall (R),  Vicky Hartzler (R),  Alcee Hastings (D),  Doc Hastings (R),  Joseph Heck (R),  Bill Huizenga (R),  Randy Hultgren (R),  Robert Hurt (R),  Darrell Issa (R),  Bill Johnson (R),  Peter King (R),  Adam Kinzinger (R),  Larry Kissell (D),  John Kline (R),  Doug Lamborn (R),  Leonard Lance (R),  James Langevin (D),  Rick Larsen (D),  Bob Latta (R),  Frank LoBiondo (R),  Michael McCaul (R),  Patrick McHenry (R),  Mike McIntyre (D),  Howard McKeon (R),  David McKinley (R),  Cathy McMorris Rodgers (R),  Patrick Meehan (R),  Michael Michaud (D),  Candice Miller (R),  Gary Miller (R),  Jeff Miller (R),  Mick Mulvaney (R),  Sue Myrick (R),  Kristi Noem (R),  Devin Nunes (R),  Pete Olson (R),  William Owens (D),  Collin Peterson (D),  Joseph Pitts (R),  Mike Pompeo (R),  Benjamin Quayle (R),  David Roe (R),  Mike Rogers (R),  Thomas Rooney (R),  Ileana Ros-Lehtinen (R),  Mike Ross (D),  Jon Runyan (R),  Dutch Ruppersberger (D),  Steve Scalise (R),  Aaron Schock (R),  John Shimkus (R),  Heath Shuler (D),  Bill Shuster (R),  Albio Sires (D),  Adrian Smith (R),  Cliff Stearns (R),  Steve Stivers (R),  John Sullivan (R),  Lee Terry (R),  Mike Thompson (D),  Edolphus Towns (D),  Mike Turner (R),  Fred Upton (R),  Tim Walberg (R),  Greg Walden (R),  Lynn Westmoreland (R),  Joe Wilson (R),  Rob Wittman (R),  Frank Wolf (R),  Rob Woodall (R),  Kevin Yoder (R), 

Received in the Senate and Read twice and referred to the Select Committee on Intelligence. (on 05/07/2012)

Official Document