McCaul Op-Ed: Enhancing Privacy in Cybersecurity is Critical: Info Sharing with Civilian Government Agencies is Key
Michael McCaul - POLITICO Pro
A silent war is being waged against America in cyber space, and we are losing ground to our adversaries. Cyber espionage is being conducted against our government and U.S. businesses; the intellectual property of American companies is being stolen and the personal information of Americans is being hacked by criminals, hacktivists and nation states. Our cyber adversaries are not just seeking to steal Americans’ identities; they want our security secrets and our innovative ideas.
During the last Congress, we were able to strengthen our cybersecurity legal foundations. Five important cybersecurity bills became law, these laws included establishing a federal civilian interface at the Department of Homeland Security’s (DHS) center for integrating cyber threat information, the National Cybersecurity and Communications Integration Center (NCCIC) to facilitate information sharing across the private sector, and enhancing the Department of Homeland Security’s ability to prevent, respond to, and recover from cyber incidents on federal civilian networks.
Those bills, now laws, present a starting point for our efforts in this Congress.
Now is the time for Congress to build on those current laws and pass enhanced cybersecurity legislation. However, we must ensure that what we pass is consistent with the cyber laws enacted in December. We must respect the existing roles and responsibilities of both civilian and intelligence agencies and maintain important privacy provisions, all of which were included in the two House-passed cyber bills this Congress.
In April of this year, the House took an important, bipartisan step toward helping American businesses better protect their digital networks from dangerous and destructive cyber-attacks by passing H.R. 1731, the National Cybersecurity Protection Advancement (NCPA) Act and H.R. 1560, the Protecting Cyber Networks Act (PCNA). Both bills passed overwhelmingly. As the Senate continues to fine tune its legislation, I would like to highlight key tenets of the two bipartisan bills the House passed earlier this year.
H.R. 1731, the NCPA Act is a pro-privacy, pro-security bill that enhances the sharing of cyber threat indicators with the DHS civilian information sharing portal, NCCIC. It strengthens NCCIC’s role as the lead civilian interface for cyber threat information sharing. The NCPA Act also ensures personal information is removed before sharing cyber threat indicators and that strong safeguards are in place to protect the privacy and civil liberties of all Americans. The legislation bolsters the robust privacy protections already in place at DHS without risking exposure of personal data.
H.R. 1560, the PCNA allows the sharing of cyber threat indicators with federal civilian agencies. Taking privacy concerns into account, the PCNA prohibits the government from forcing private sector entities to provide information to the government and requires companies to remove personal information before sharing cyber threat indicators with the government.
Both H.R. 1731 and H.R. 1560 provide important liability protections for the voluntary sharing of cyber threat indicators and defensive measures with NCCIC or private-to-private. They also enforce strong privacy and civil liberties protections by permitting individuals to sue the federal government for intentional privacy violations in federal court.
I am proud of the House’s bipartisan action to have passed these two important cyber bills that better defend our cyber networks by adapting to the ever-changing cyber threats posed by state-sponsored espionage, criminals and terrorists. I encourage our colleagues in the Senate to take action and look forward to working together in conference to preserve and strengthen the current roles and responsibilities of civilian and intelligence agencies and reinforce efforts to ensure robust privacy protections.