* Bill expands a Pentagon information-sharing program
* Information on attacks would go only to DHS
* Expert says bill "nice to have but not enough"
* Says cybersecurity bills may be tough to reconcile
By Diane Bartz
WASHINGTON, April 10 The U.S. House of
Representatives will take up a cybersecurity bill at the end of
April that lets the government and corporations share
information about hacking attacks on U.S. networks, with
amendments intended to ease civil liberties concerns, lawmakers
said on Tuesday.
Representatives Mike Rogers, a Michigan Republican, and C.A.
"Dutch" Ruppersberger, a Maryland Democrat, are pushing
legislation that would expand a Pentagon pilot program for
sharing classified and sensitive threat information from just
defense contractors and their Internet providers to a broader
segment of the private sector.
Rogers and Ruppersberger are the top two lawmakers on the
House Permanent Select Committee on Intelligence.
But the bill, which has 105 co-sponsors, has come under
attack from groups like the Electronic Frontier Foundation,
which said in a blog post last month that the bill failed to use
narrow enough language to define a cyber threat.
The group said the bill would give the government free rein
to monitor communications, filter content from sites like
WikiLeaks, or possibly shut down access to online services.
In a news conference on Tuesday, Rogers and Ruppersberger
said their bill had no such intent. They said they would clarify
that private companies would give information about threats only
to the U.S. Department of Homeland Security.
This would cut out the National Security Agency, which has
the best cybersecurity expertise in government but is distrusted
by civil liberties groups because of warrantless wiretapping as
part of the war on terror.
And they stressed that the bill's goal was only to share
information about malicious software code - not content.
"Malicious code will be caught before it gets into networks.
That's where we think we make the biggest bang for the buck,"
Rogers and Ruppersberger plan to introduce language that
says if the government uses the gathered data for any purpose
outside of cybersecurity that it will be vulnerable to private
A number of bills are moving through Congress as U.S.
policymakers become increasingly concerned that terrorists could
mount a cyber attack that could shut down critical
infrastructure, such as electricity plants or financial systems.
There have also been a number of high-profile private-sector
breaches, including ones involving defense contractors such as
Lockheed Martin Corp, Google and Citigroup
The most recent target that received wide attention was
Global Payments Inc, which said on March 30 that a data
breach compromised the account numbers of 1.5 million credit
Internet service providers and other companies have long
complained that they give information to the U.S. government
about potential cyber threats but often do not find it a two-way
They say the government is reluctant to reciprocate because
the information is either classified or part of an investigation
linked to a potential prosecution.
Lee Tien, a senior staff attorney with the Electronic
Frontier Foundation, said he had not seen the proposed
amendments, and could not say if they would allay his group's
The Senate is considering two cybersecurity bills, both of
which overlap with the information-sharing measure proposed by
the Rogers-Ruppersberger bill.
James Lewis, a cybersecurity expert who calls the
Rogers-Ruppersberger bill "nice to have but not enough,"
predicted a rough road for the legislation.
"You're going to see a bill out of the Senate and out of the
House that are markedly different," he said.