Two men share securities regulation news

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Securities Regulation Daily, April 22, 2015

House passes first of two cybersecurity bills on tap this week

By Mark S. Nelson, J.D.

The U.S. House today passed the first of two cybersecurity bills the chamber was expected to take up this week. The final version of the Protecting Cyber Networks Act passed handily by a vote of 307-116 after six members offered a total of five amendments, some of which were adopted. The bill will be combined with a second bill up for a vote this week and then sent to the Senate, where similar bills have or will be introduced, thus raising the possibility that a conference may be needed to resolve any differences between the House and Senate versions.

Privacy, liability provisions in spotlight. During today’s floor proceedings on H.R. 1560, some members voiced concerns about the privacy and civil liberties provisions in the bill being too weak. These members cited provisions that could let the government tackle cases outside the express cybersecurity purposes of the bill. But other members urged passage because of the serious threats posed to cyber networks by hackers and terrorists. Those in favor of the bill noted that it contains multiple “privacy scrubs” to prevent the government’s unwarranted peering into individual’s private lives.

Yesterday’s statement by the Obama Administration mostly praised the House’s effort to improve cybersecurity by enabling the sharing of key cyber threat information. Still the administration said it was worried about the breadth of the bill’s liability protections and that the sharing of defensive measures could raise legal and diplomatic concerns that may counteract the bill’s well-intentioned efforts to improve the nation’s ability to prevent or withstand cyber attacks. The Obama Administration echoed many of the same concerns in its statement on H.R. 1731, which the House is set to consider tomorrow.

Financial industry response. The securities industry has largely backed cybersecurity improvements wending their through Congress. The Securities Industry and Financial Markets Association (SIFMA), joined by fourteen other business groups, wrote to House Majority Leader Kevin McCarthy (R-Cal) and Minority Leader Nancy Pelosi (D-Cal) yesterday to express support for H.R. 1560 and its companion bill.

“It is critical that Congress pass threat information sharing legislation to address today’s challenges and stay ahead of tomorrow’s threats,” said the SIFMA-led letter. “We support your continued efforts to advance legislation that further strengthens the ability of the private sector and the Federal government to work together to develop a more effective information sharing framework to respond to cyber threats, providing liability protection while balancing the need for privacy protection.”

Yet, SIFMA issued a press release earlier today in which it expressed concerns about some of the late amendments to H.R. 1560. Specifically, SIFMA said it was worried about the potential for H.R. 1560 to sunset prematurely. “The threat posed by cyber attacks will not sunset nor should our framework for responding to the threat be set up to lapse and these amendments, if adopted, could hinder any benefits this legislation would provide,” said Andy Blocker, SIFMA's Executive Vice President, Public Policy and Advocacy.

Cyber networks. The key provisions in H.R. 1560 allow the sharing of cyber threat indicators and defensive measures by the federal government and non-federal entities. The bill allows federal agencies, beyond the Department of Defense and the National Security Agency, subject to guidelines issued by the U.S. Attorney General, to share similar types of information on cyber threats. The bill also would create the Cyber Threat Intelligence Integration Center within the Office of the Director of National Intelligence (DNI) to sift information from a variety of sources. A House report accompanying the bill noted the increasingly brazen and destructive nature of the most recent cyber attacks on U.S. businesses.

As for liability issues, the federal government can be sued for its willfull violations of guidelines issued by the Attorney General on privacy and civil liberties. Private entities cannot be held liable for their good faith monitoring of an information system and related information. Moreover, a non-federal entity cannot be sued for sharing or receiving a cyber threat indicator or defensive measure (or its good faith failure to act on these items) if the entity otherwise acted in good faith. The bill also provides that a non-federal entity cannot be held liable for opting not participate in an authorized voluntary activity.

The bill provides for ongoing oversight of cybersecurity. The DNI must report to Congress every two years on the implementation of H.R. 1560, but the first report is due no later than one year after enactment. The Privacy and Civil Liberties Oversight Board must send biennial reports to Congress and the President; unclassified portions of these reports must be open to the public.

The DNI also must report within six months of enactment to the Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence on cybersecurity threats, cyber attacks, theft, and data breaches. Separate provisions govern reports to be issued by inspectors general.

The House finished its debate on H.R. 1560 late this afternoon. A copy of the amended bill was not immediately available.

MainStory: TopStory CorporateGovernance FederalPreemption FinancialIntermediaries RiskManagement

Securities Regulation Daily

Introducing Wolters Kluwer Securities Regulation Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.