Gen. Keith Alexander, the outgoing chief of U.S. Cyber Command and the NSA, deserves praise for continuing to push for carefully crafted legislation to facilitate quicker exchanges of threat data between government and business. Just the other day in The Hill newspaper, Alexander wrote [emphasis is mine]:
We need to pass cybersecurity legislation in order to enable better information-sharing between government and industry. We must be transparent on cyber legislation so the American people will support it. ... We in government and in the private sector also need methods to provide meaningful information to network defenders about incoming threats to infrastructure while protecting privacy and civil liberties. Those methods are not in place today.
The recent cyber thefts affecting retailers and banks are high-profile examples of an ongoing and pernicious problem that require a broad industry response, in close cooperation with law enforcement and homeland security officials.
The House cleared vital information-sharing legislation a year ago—for the second time since 2011—to grow our collective awareness of and protect the business community from sophisticated criminal gangs and foreign powers.
But, legislation has not moved in the Senate. Industry is still waiting for the enactment of a bill creating a legal architecture that would give companies confidence to experiment freely to counter cyber attackers and share what’s learned with their business partners—so they, too, can adapt and enhance their organizations’ resilience.
The U.S. Chamber recognizes that the NSA controversy has chilled the progress of information-sharing legislation on Capitol Hill. However, the time to finish an industry-supported bill and send it to the president’s desk is now.