This bill hopes to incentivize private sector organizations to share cyber threat information with the government with the promise of expanded liability protections — basically a big security blanket against lawsuits.
Information exchanges would go through the National Cybersecurity and Communications Integration Center (NCCIC) — a center that organizes and shares cyber threat information provided voluntarily by private, federal, state and local entities under the Department of Homeland Security (DHS). This bill would officially designate NCCIC as the lead interface for civilian organizations, and require it to only use information to prevent and respond to cyber attacks.
Under this bill, the NCCIC would be authorized to offer liability protections to private businesses that voluntarily share cyber threat information and defensive measures. These private businesses would also be given liability protections to conduct network awareness of their information systems, and operate defensive measures to guard against cyber threats that might steal sensitive information from their business and customers.
Privacy protections would also be enhanced in this bill, as all personal information would be removed by public and private entities before cyber threat information is initially shared, then the NCCIC would re-check what is shared and delete any remaining personal information. Annual reports of the effectiveness of these civil liberties protections would be provided to Congress.
All existing public-private partnerships would be preserved so that ongoing cybersecurity elaborations can continue under these new requirements.