GovTrack’s Bill Summary
We don’t have a summary available yet.
The bill’s title was written by its sponsor. H.R. stands for House of Representatives bill.
This bill was introduced in a previous session of Congress and was passed by the House on April 26, 2012 but was never passed by the Senate.
Last updated May 07, 2012.
Referred to Committee
Reported by Committee
To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.
GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here.
The committee chair determines whether a bill will move past the committee stage.
H.R. 3523--112th Congress: Cyber Intelligence Sharing and Protection Act. (2011). In www.GovTrack.us. Retrieved March 11, 2014, from http://www.govtrack.us/congress/bills/112/hr3523
The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.
The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.
This summary can be found at http://www.gop.gov/bill/112/2/hr3523.
According to H.Rept. 112-445, the House Permanent Select Committee on Intelligence found that a number of advanced nation-state actors are actively engaged in a series of wide-ranging, aggressive efforts to penetrate American computer systems and networks; these efforts extend well beyond government networks, and reach deep into nearly every sector of the American economy, including companies serving critical infrastructure needs.
The Committee report notes, “these efforts are targeted not only at sensitive national security and infrastructure information, but are also often aimed at stealing the corporate research and development information that forms the very lifeblood of the American economy. China, in particular, is engaged in an extensive, day-in, day-out effort to pillage American corporate and government information. There can be no question that in today’s modern world, economic security is national security, and the government must help the private sector protect itself.”
While the government is already doing much to provide support and assistance to the private sector to address this threat, in particular through the Department of Homeland Security and the Federal Bureau of Investigation, more can and should be done in the immediate future. In particular, the Committee determined that the Intelligence Community is currently in possession of tremendously valuable intelligence and strategic insights derived from its extensive overseas intelligence collection efforts that can and should be provided—in both classified and unclassified form (when possible)—to the private sector in order to help the owners and operators of the vast majority of America’s information infrastructure better protect themselves. The Committee believes that the recent Defense Industrial Base Pilot project (“DIB Pilot”) is a good model for demonstrating how sensitive government threat intelligence can be shared with the private sector in an operationally usable manner. Under the DIB Pilot, the government provides classified threat intelligence to key Internet Service Providers, who use the information to protect a limited number of companies in the defense industrial base, all on a voluntary basis.
The Committee’s review also determined that while much cybersecurity monitoring and threat information sharing takes place today within the private sector, real and perceived legal barriers substantially hamper the efforts of the private sector to protect itself. The Committee determined that these issues are best resolved in the first instance by providing clear, positive authority to permit the monitoring—by the private sector—of privately-owned and operated networks and systems for the purpose of detecting cybersecurity threats and to permit the voluntary sharing of information about those threats and vulnerabilities with others, including entities within the private sector and with the federal government.
In the view of the Committee, an approach based on voluntary, private sector defense of private systems and networks, informed by government intelligence information, best protects individual privacy and takes advantage of the natural incentives built into our economic system, including harnessing private sector drive and innovation. The Committee’s review revealed that America’s cyber infrastructure is distressingly vulnerable to espionage and attacks by nation-states and others with advanced capabilities. The Committee believes that immediate and serious action is necessary to staunch the bleeding of American corporate research and development information and to better protect our national security.
H.R. 3523 would amend the National Security Act of 1947 to require that the Director of National Intelligence (DNI) establish procedures allowing elements of the intelligence community to share cyber threat intelligence with private-sector entities.
The bill would define "cyber threat intelligence" as information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or network of a government or private entity, including information pertaining to the protection of a system or network from: (1) efforts to degrade, disrupt, or destroy such system or network; or (2) theft or misappropriation of private or government information, intellectual property, or personally identifiable information.
The bill would also require that the procedures established ensure that such intelligence is only: (1) shared with certified entities or a person with an appropriate security clearance, (2) shared consistent with the need to protect U.S. national security, and (3) used in a manner that protects such intelligence from unauthorized disclosure. The bill would also provide for guidelines for the granting of security clearance approvals to certified entities or officers or employees of such entities.
H.R. 3523 would authorize a “cybersecurity provider” (a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes), with the express consent of a “protected entity” (an entity that contracts with a cybersecurity provider) to: (1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and (2) share cyber threat information with any other entity designated by the protected entity, including the federal government.
The bill would regulate the use and protection of shared information, including prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, would exempt such information from public disclosure. The bill would also prohibit a civil or criminal cause of action against a protected entity, a self-protected entity (an entity that provides goods or services for cybersecurity purposes to itself), or a cybersecurity provider acting in good faith under the above circumstances.
The bill would also allow the federal government to use shared cyber threat information only if: (1) the use is not for a regulatory purpose, and (2) at least one significant use purpose is either for cybersecurity or the protection of U.S. national security. The bill would prohibit the federal government from affirmatively searching such information for any other purpose.
Lastly, the bill would direct the Inspector General of the Intelligence Community to submit annually to the congressional intelligence committees a review of the use of such information shared with the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns.
The bill would preempt any state statute that restricts or otherwise regulates an activity authorized by the Act.
The Congressional Budget Office (CBO) estimates that implementing H.R. 3523 would have a discretionary cost of $15 million over the 2012–2016 period, assuming appropriation of the necessary amounts. Enacting H.R. 3523 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.
The House Democratic Caucus does not provide summaries of bills.
So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.
We’ll be looking for a source of summaries from the other side in the meanwhile.
The bill contains the following citations to other parts of U.S. law:
Slip laws refer to enacted bills and joint resolutions in their original form as enacted by Congress, that is, before other laws amend them. Slip laws are cited as “Public Law XXX-YYY”, where XXX is the number of the Congress in which the bill or resolution was introduced.
The United States Code is the compilation of general and permanent laws enacted by Congress. Laws that are not permanent in nature, laws that affect a single individual, family, or small group, regulations, case law, state law, and local law do not appear in the United States Code.