H.R. 3523 (112th): Cyber Intelligence Sharing and Protection Act

Nov 30, 2011 (112th Congress, 2011–2013)
Died (Passed House)
Mike Rogers
Representative for Michigan's 8th congressional district
Read Text »
Last Updated
May 07, 2012
27 pages
Related Bills
H.R. 624 (113th) was a re-introduction of this bill in a later Congress.

Passed House
Last Action: Apr 18, 2013

H.Res. 631 (rule)

Agreed To (Simple Resolution)
Apr 26, 2012


This bill was introduced in a previous session of Congress and was passed by the House on April 26, 2012 but was never passed by the Senate.

Introduced Nov 30, 2011
Referred to Committee Nov 30, 2011
Reported by Committee Dec 01, 2011
Passed House Apr 26, 2012
Full Title

To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities, and for other purposes.


No summaries available.

Apr 26, 2012 5:23 p.m.
Failed 167/243
Apr 26, 2012 5:27 p.m.
Agreed to 412/0
Apr 26, 2012 5:31 p.m.
Agreed to 410/3
Apr 26, 2012 5:36 p.m.
Agreed to 415/0
Apr 26, 2012 5:40 p.m.
Agreed to 416/0
Apr 26, 2012 5:44 p.m.
Agreed to 414/1
Apr 26, 2012 5:47 p.m.
Agreed to 413/3
Apr 26, 2012 6:31 p.m.
Passed 248/168

112 cosponsors (86R, 26D) (show)

House Permanent Select Intelligence

Senate Select Intelligence

The committee chair determines whether a bill will move past the committee stage.

Primary Source

THOMAS.gov (The Library of Congress)

GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here. Data comes via the congress project.


Get a bill status widget for your website »


Click a format for a citation suggestion:


H.R. stands for House of Representatives bill.

A bill must be passed by both the House and Senate in identical form and then be signed by the president to become law.

The bill’s title was written by its sponsor.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.

4/26/2012--Passed House amended.
Cyber Intelligence Sharing and Protection Act - Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing.
Defines "cyber threat intelligence" as intelligence in the possession of an element of the intelligence community directly pertaining to:
(1) a vulnerability of a system or network of a government or private entity;
(2) a threat to the integrity, confidentiality, or availability of such a system or network or any information stored on, processed on, or transiting such a system or network;
(3) efforts to deny access to or degrade, disrupt, or destroy such a system or network; or
(4) efforts to gain unauthorized access to such a system or network, including for the purpose of exfiltrating information.
Excludes intelligence pertaining to efforts to gain unauthorized access to such a system or network that solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access.
Requires the Director of National Intelligence (DNI) to: (1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and utilities, and (2) encourage the sharing of such intelligence.
Requires the procedures established to ensure that such intelligence is only:
(1) shared with certified entities or a person with an appropriate security clearance,
(2) shared consistent with the need to protect U.S. national security, and
(3) used in a manner that protects such intelligence from unauthorized disclosure.
Provides for guidelines for the granting of security clearance approvals to certified entities or officers or employees of such entities.
Prohibits a certified entity receiving such intelligence from further disclosing the information to any entity other than another certified entity or a federal department or agency authorized to receive such intelligence.
Authorizes a cybersecurity provider (a non-governmental entity that provides goods or services intended to be used for cybersecurity purposes), with the express consent of a protected entity (an entity that contracts with a cybersecurity provider) to:
(1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and
(2) share cyber threat information with any other entity designated by the protected entity, including the federal government.
Provides similar cybersecurity system use and threat information sharing authority to self-protected entities (an entity that provides goods or services for cybersecurity purposes to itself).
Requires the head of a federal agency receiving cyber threat information to provide such information to the National Cybersecurity and Communications Integration Center of the Department of Homeland Security (DHS), and allows such agency head to request the Center to provide such information to another federal agency.
Sets forth requirements with respect to the use and protection of shared information, including prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure.
Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity, or a cybersecurity provider acting in good faith under the above circumstances.
Allows the federal government to use shared cyber threat information:
(1) for cybersecurity purposes to ensure the integrity, confidentiality, availability, or safeguarding of a system or network;
(2) for the investigation of cybersecurity crimes;
(3) for the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers (including the protection of minors from child pornography, sexual exploitation, kidnapping, and trafficking); or
(4) to protect U.S. national security.
Prohibits the federal government from affirmatively searching such information for any other purpose.
Provides for the protection of sensitive personal documents such as library records, firearms sales records, educational records, tax returns, and medical records.
Requires a federal agency receiving information that is not cyber threat information to so notify the entity or provider of such information.
Prohibits federal agencies from retaining shared information for any unauthorized use.
Allows the federal government to undertake efforts to limit the impact of the sharing of such information on privacy and civil liberties.
Outlines federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information.
Directs the Inspector General of the Intelligence Community to submit annually to the congressional intelligence committees a review of the use of such information shared with the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns.
Preempts any state statute that restricts or otherwise regulates an activity authorized by the Act.
States that nothing in this Act shall be construed to:
(1) provide additional authority to, or modify existing authority of, any element of the intelligence community to control or direct the cybersecurity efforts of a private-sector entity or a component of the federal government or a state, local, or tribal government;
(2) limit or affect existing information sharing relationships of the federal government; or
(3) provide additional authority to, or modify existing authority of, any entity to use a cybersecurity system owned or controlled by the federal government on a private-sector system or network to protect the latter system or network.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.

No summary available.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

Use the comment space below for discussion of the merits of H.R. 3523 (112th) with other GovTrack users.
Your comments are not read by Congressional staff.

comments powered by Disqus