tv British House of Commons CSPAN April 26, 2015 9:36pm-10:01pm EDT
company to report it without fear he lawsuit so other companies can protect themselves . the bill encourages three kinds of sharing. private-to-private government to private and private to government. companies are allowed to share cyber threat information with government agencies. if banks are comfortable sharing with the treasury department, they can do so. if they prefer sharing with the department of energy, they can do so. if companies want to share with the department of homeland security, the justice department, or congress, they can share with them. the only sharing that this bill does not encourage is direct sharing to deferment of defense or the national security agencies -- agency. companies can still share with nsa, but they will not receive new liability protections. this bill does not provide any new surveillance authorities. it contains privacy protections.
it only authorizes the sharing of cyber threat indicators, tech of -- technical information like malware signatures and malicious code. companies must remove all personal information. if those acquirements are not followed, there is no liability protection. an agency that receives the information must scrub it a second time. this will ensure that personal information is removed. only then can that information be forwarded. it provides for strong oversight by requiring a biannual inspector general report related to dissemination of cyber threat indicators. the privacy and civil liberties oversight board must also submit a biannual report on the privacy and civil liberties impact of the bill. the scope of cyber attacks cannot be ignored. this bill will strengthen our
defenses so consumers and businesses will not be at the mercy of cyber criminals. i look forward to passing this legislation. the chair: the gentleman reserves the balance of his time. >> i rise in support of hr 1560, the protecting cyber networks act. we need to stop just hearing about the attacks that steal our trade secrets and private information, and actually do something to stop it. we need to stop talking about the next sony or aunt the more target or j.p. morgan chase, the next state department hack. we need to ensure that there will be no more attacks. if you weeks ago, the house intelligence committee held a hearing on the cyber threat to america's private sector. we heard from witnesses that businesses were cyber attacked
millions of times per day. not thousands not millions, but billions. the threat to our economy our jobs, and our privacy from not acting is massive, and it is certain. we see it happening all around us. we must act now. that is why i am proud to some art this bill, the protecting cyber networks act provides for voluntary information sharing of cyber threats between and among private and public sectors. it does what no executive order can do. it incentivizes cyber threat information sharing by providing limited liability protection. now companies can pool their resources and say to one another, i found this malicious code or this virus in my system. you need to protect yourself against it as well. the government can better warn and now companies of an , impending cyberattack just as it can for an approaching hurricane or pending flu outbreak. but let me be very clear about this. to get the liability protection, a company that chooses to
participate must remove any unrelated private information prior to sharing. this is something privacy advocates and i called for when previous information sharing bills came before the house. unlike prior bills, this measure requires the private sector to strip out private information. in fact, the bill has two not one privacy scrubs. the first happens when a company shares with another company or the federal government. and the second happens when the federal government shares the information further. this bill even holds the government directly libal if it -- directly liable if it doesn't do what it's required to do. second, to get the liability protection, a private company wishing to share with the federal government must go threw -- go through a civilian portal. to be clear a company can't go directly to the d.o.d. or n.s.a. and get the bills' liability protection. the lack of a civilian portal in previous bills was another key privacy group criticism and this bill has resolved that issue, too. in fact, of the five main
criticisms of prior cyberbills this bill has resolved each of them. it has private sector privacy stripping of information, it has a civilian portal. it also has narrow restrictions on what the government can use that shared cyberthreat information for. gone is a national security use provision. gone is a bag -- a vague terrorism use provision. what's left only the most narrow of uses to prevent cyberattacks. to prevent the loss of life. to prevent serious harm to a child. and to prevent other serious felonies. gone, too, is any question of whether offensive counter measures or hack back is authorized. this bill makes clear you cannot take anything but defensive actions to protect your networks' data. unless anyone be confused, this bill makes clear in black and white legislative text that nothing in the bill authorizes government surveillance in this act, nothing. what this bill does is authorize
voluntary private sector sharing of cyberthreat information, and allows the government to be able to quickly share threat information with the private sector just as we need the c.d.c. to put our timely warnings and advice on how to counteract this year's flu strain or how to prevent a local disease from becoming a epidemic. in addition, the bill requires strong privacy and civil liberties guidelines and intense reporting requirements. the bill before us today strikes the right balance of addressing privacy, and addresses privacy concerns that i and others raised last session. however, we need to make improvements as the bill moves forward. in particular, we need to further clarify that our liability protection only extends to those who act or fair -- failed to act reasonably. before closing, i want to thank chairman nunes for his leadership, for working so hard on this bill. it has been a great pleasure to work with you, mr.
chairman. i'm grateful for all of the hours and energy and talent that you and your staff have put into making this bill successful. i want to thank all the members of the judiciary committee and homeland security committee for working together on this. we had many differences of opinion and we still have some but we kept our eyes firmly on , what's best for the american people as a whole. with that we found ways to come together and produce a stronger bill. i hope we can continue to work together, as well, with the senate and the white house and all the stakeholders to produce an even stronger bill for the president to sign into law. i also want to acknowledge the leadership of our predecessors dutch ruppersburger and former chairman mike rogers. we have come this far in part because of the good work that they did during the last couple sessions. and i also want to thank all of those that came to speak with us and provide their input in making this a better bill. every day we delay more privacy is stolen, more jobs are lost and more economic harm is done.
let's stop sitting by and watch this happen. let's do something that this administration has urged us to do. let's pass this bill and let's do it now. thank you and i reserve the balance of my time. the chair: the gentleman from california, mr. schiff, reserves the balance of his time. the gentleman from california, mr. nunes, is recognized. mr. nunes: thank you, madam chair. at this time i'd like to yield three minutes to the gentleman from georgia who also is the chairman of the subcommittee on cyber for the house intelligence committee, mr. westmoreland. the chair: the gentleman the -- from georgia is recognized for three minutes. mr. westmoreland thank you, madam speaker. thank you, chairman neen us. i rise in -- nunes. i rise in support of hr 1560 protecting cybernetworks act. the bill safeguards personally identifiable information from being exchanged during the process by requiring private
companies and the government to both make sure that no private information is exchanged. my home state of georgia is home to many companies that deal with and secure sensitive data on a daily basis and they are , constantly looking for better ways to protect their networks. after the recent cyberattacks against american businesses, i have spoken to industry leaders from georgia and across the nation about how we can make information sharing between the industries and the government stronger and to better protect our nation. cyberterrorism is the new battlefield and adopting to this new warfare is crucial to eliminating these threats. by allowing american businesses to alert other companies and the government of specific threats and only the threats, the , protecting cybernetworks act can help shut down the cybercriminals from stealing sensitive information or causing devastating damage to our networks. the protecting cybernetworks act
is a bipartisan step forward in protecting businesses and citizens from being the next victim of a cyberattack. this bill helps devastating cyberattacks from going unnoticed, and are only shared months after the attack. i'd like to thank chairman nunes, ranking member schiff ranking member on the subcommittee, mr. hines, mr. ruppersburger for all the work he's put into this as well as former chairman rogers. i asked for a year a vote. i yield the reminder of my time. the chair: the chair the gentleman from georgia yields back. the gentleman from california is recognized. mr. schiff: madam chair, it's a pleasure to yield two minutes to mr. ruppersburger of maryland, former ranking member of the intelligence committee. the chair: the gentleman from maryland is recognized for two minutes. mr. ruppersberger: madam speaker, i rise in support of the bipartisan protecting
cyber networks act and want to , thank the members of the house intelligence committee for continuing to prioritize our nation's security over partisan rhetoric. i do want to thank chairman nunes and also ranking member schiff for acknowledging chairman rogers and i. i want to remind you that it was a team approach and you two were very active in helping bring this bill here today as we did before. so thank you for your leadership. it's well worth it and it's very , refreshing to see this bipartisanship. >> this legislation is very -- mr. nunes: if the gentleman will yield? mr. ruppersberger: yes. mr. nunes: i thank the gentleman for yielding. i thanked you in my opening statement, mr. ruppersberger. without your leadership and chairman -- former chairman rogers' leadership on this bill we would not be here today and , i'm encouraged not only by your past support but then by you taking the time to come down here to speak on this bill, i think it says a lot about you and your commitment to national security and the security of our cybernetworks. so thank you and i yield back.
ruppersberger: i yield back my time and thank you for your leadership. this legislation is similar to the bill that chairman rogers and i introduced to promote information sharing between the private and public sectors which is the single most important thing we can do to combat increasingly aggressive cyberattacks. experts believe these attacks are costing american corporations billions of dollars each year. target, home depot are only the beginning. with sony we saw the first destructive attack in our country. it's only a matter of time before our critical infrastructure is targeted. what would happen if someone were to take out our electrical grid or 911 call centers or air traffic control? and it goes on and on. voluntary information sharing among companies helps our companies defend themselves. voluntary two-way information sharing with the federal government helps improve our ability to protect america against foreign cyberthreats by getting out more and better information faster. there are some concerns i have
as anyone has in any bill, between the bill chairman rogers and i introduced that passed the house. however, i think it's important to reach consensus and move this issue forward now. >> can i have another 20 seconds? mr. schiff: madam chair, i'm happy to yield 30 seconds to the gentleman. the chair: the gentleman the -- has 30 seconds. mr. ruppersberger our country continues to be cyberattacked. we're under attack as i speak. to do nothing is not an option. i want to thank the leadership of chairman nunes and ranking member schiff and their leadership and the entire committee for coming together on this bill. i asked my colleagues to support it and i yield back the balance of my time. the chair: the chair the gentleman yields back. the gentleman from california, mr. nunes, is recognized. mr. nunes: thank you. at this time i yield five minutes to the gentleman from texas, who is the chairman of the homeland security committee,
who without his strong leadership and support we wouldn't be at this juncture today getting a bill passed today and tomorrow that will hope only -- hopefully become law and with that -- hopefully become law and with that i yield to the gentleman, mr. mccaul. the chair: the the chair gentleman is recognized for five minutes. mr. mccaul: i rise in support of h.r. 1560, the protecting cybernetworks act. i want to thank chairman nunes for his great leadership and collaboration with my committee and judiciary on this bill and also the ranking member, adam schiff. a good friend as well. for his great work and the direction that this bill has gone. i think it's gone in the right direction. also, i know the former ranking member, dutch ruppersberger, was here. i want to thank him for his leadership over the many years on this important issue of cybersecurity. this legislation comes at a critical time of rising cyberthreats and attacks on our
digital networks. cyber breaches and attacks are affecting americans' privacy, security and prosperity. individuals are having their most private information compromised. businesses are seeking their intellectual -- getting their intellectual property stolen and their networks damaged. the country's critical infrastructure is being probed by foreign enemies. detecting and defending against these digital assaults requires timely and robust information sharing between the public and private secondors. this exchange of data is crucial to connecting the dots. identifying cyberattacks and -- shutting them down. protecting cybernetworks act will enable private companies to share cyberthreat information on a voluntary basis with the federal government.
this bill provides simple liability protection for sharing cyberattack indicators through trusted civilian agency portals. again, i commend chairman nunes for his important work on this bill and thank him for his great partnership, working together to have these two complementary bills as tomorrow i'll bring to the floor a national security privacy bill, the national security privacy advancement act for which further reinforces the 2015, role of the department of homeland security's national cybersecurity and communication integration center as a hub for cyberthreat information sharing. chairman nunes and i worked in lockstep to remove obstacles preventing greater cyberthreat information sharing across the private and public sectors. and our staff and i commend the , staff on both sides of the
aisle have operated in tandem as , we crafted these cyber security bills. i'd also like to acknowledge chairman goodlatte for devising the house's standard liability exemption language for this week's cybersecurity bill. these bills represent a unified front in the house for strengthening cybersecurity while ensuring america's privacy, and i urge my colleagues to support this measure. with that i yield back the balance of my time. the chair: the gentleman the -- from texas yields back. the gentleman from california mr. , schiff, is recognized. mr. schiff: madam chair, it gives a great pleasure to yield three minutes to mr. himes, one of our subcommittee's ranking members, the gentleman from connecticut. the chair: the gentleman is recognized for three minutes. mr. himes: thank you. i thank my friend for yielding time. i'm thrilled to be standing here to urge support for the , protecting cybernetworks act. i'd like to thank and
congratulate chairman nunes, ranking member schiff, the chairman of the subcommittee on which i serve as ranking member, mr. westmoreland, for coming together at a time when this congress is accused, often rightly so, being difunctional -- dysfunctional to take a very substantial step to secure the networks on which so much of our lives today depend. as ranking member of the cybersecurity subcommittee, my daily travels every single day expose me to people who say the single most important thing we as a congress could do today to advance the security of our networks, to protect americans, their financial records, their health records and of course even more ominously, to protect them against potential attack against our utilities and any sort of thing our antagonists around the world would seek to do to us, the single most important thing to do is do what we're doing today is set up a rubric which the very good people can communicate threats
to each other and communicate with experts in the u.s. government to work as a team to counter serious threats. this rubric has been set up with ample attention and good attention to the legitimate privacy claims and the liberties we all take so seriously. the stakes are high. we saw what happened at sony. we saw what happened at anthem. we know of attacks that have been leveled internationally that destroyed computers. this is the reality that we live with and this is a very big , step, an information sharing protocol that will counter those who wish you ill. i would note that privacy protections in this bill are considerably better, as the chairman and the ranking member have pointed out. than those that were in the bill of the last congress. the objections of those that were focused on privacy have been dealt with point by point and while i won't say the bill is perfect, this bill does what it needs to do to protect the privacy of the american people
by obligating everyone to work hard, to scrub personally identifiable information from any code, any information that is exchanged. i've learned in my six years here we don't produce perfection, and it's my hope as this bill proceeds through the legislative path that we will work even harder to make sure we're very clear about definitions and in fact are protecting the privacy rights of americans as best as we can. but in the meantime we've taken a very big step forward in a bipartisan fashion in a way that will make america, its people and its networks more secure. , and for that i'm grateful to the leadership and urge support of the protecting cybernetworks act. thank you, i yield back the balance of my time. the chair: the gentleman from california, mr. schiff, reserves. the gentleman from california, mr. nunes, is recognized. mr. nunes: at this time we're still awaiting speakers to come down, madam chair, so i'll continue to reserve. the chair: the gentleman the
-- from california mr. , nunes, reserves. the gentleman from california, mr. schiff, is recognized. mr. schiff: madam chairman, i yield three minutes to mr. swalwell, another of our ranking members on the intelligence committee and a colleague from california. mr. swalwell: thank you. i want to thank our ranking member and the chair for bringing forth this bipartisan, necessary legislation. as we speak right now americans are under attack, and these attacks are not coming in the form of anything that we have been used to before. people are not kicking down front doors of homes and businesses. instead, they're attacking us through our networks. our bank accounts, our health care records, our social media accounts our cell phones are , all being hacked every day. cnn reported in 2014h half of the nation's adults were hacked.
the examples are voluminous. 70 million target customers were hacked. 4.6 million snapchat user accounts were hacked. this is snapchat which is an impenetrable account that allows data to come in and disappear. they were hacked. this is happening every day. our privacy is under attack. the problem today, there is virtually zero relationship between private industry and government. private industry which has 85% of the networks and government has 15% of the networks but has vast resources that could help protect individuals against attacks. our government has a duty, a responsibility to protect the american people. and that's what this bill seeks to do. it does it in a number of ways. first and foremost, this is a voluntary program that's being created.
no business is required to turn over their breach or hack information to the government. instead, there is a format, a procedure, that is now in place that will incentivize them to work with the government to identify in a way that strips out through a number of protections personal , identifiable information. the first way it is stripped out, when the business that has been hacked reports to a civilian agency, they must scrub the personal identifying information. that's not the only way that information is scrubbed. once the government agency receives this personal identifying information, again before it can be used or forwarded to the government, and again, it information, again, it should be scrubbed. two protections against personal identifying information being used. now, should any personal identifying information be passed and who along to the government. this bill provides a right of action, civil recourse for any individual who is wrong to sue the government.
there is also an oversight committee, a biannual report that must be presented to congress that would report on any privacy violations that occur. the american people day after day are either learning that they have been hacked or someone they know has been hacked. and this will continue to have a devastating effect on our economy and as my colleague alluded, perhaps our public utilities if we do not act. i urge support and i thank the chairman and ranking member for the hard work they have done. the chair: the gentleman's time has expired. the gentleman from california, mr. nunes, continues to reserve. mr. nunes: i continue to reserve. the chair: the gentleman from california, mr. schiff, is recognized. mr. schiff: i yield three minutes to ms. sewell from alabama a great member of the intelligence committee. ms. sewell: thank you, madam chair, and i would like to thank the ranking member as