In legislation introduced this week, the U.S. government and companies would be encouraged to share information about cybersecurity threats and hacker attacks.
The measure, introduced by Intelligence Committee Chairman Mike Rogers, would shield companies from lawsuits and public disclosure requirements when they inform federal agencies about their security vulnerabilities and the type of cyber attacks they experienced.
“There is an economic cyberwar going on today against U.S. companies,” Rogers said in a statement. “Economic predators, including nation-states, are blatantly stealing business secrets and innovation from private companies. This cybersecurity bill goes a long way in helping American businesses better protect their networks and their intellectual property.”
Under the bill, companies would be protected from civil or criminal lawsuits for “acting in good faith” to inform the government that hackers have attacked their computer systems or compromised people’s personal information.
The bill was written by Rogers and committee member, C. A. “Dutch” Ruppersberger of Maryland.
The bill does notrequire companies to report their cybersecurity vulnerabilities to the government or tell businesses which agencies to contact. Information that companies provide to the government would be exempt from Freedom of Information Act requests and couldn’t be used by the government for mandating regulations.
The bill also calls on the Office of the Director of National Intelligence to establish procedures that allow intelligence agencies to share classified cyberthreat information with private companies that are certified by the government to receive such data.