McCaul To Bow 'Robust' DHS-Centric Cyber Information Sharing Bill This Week

weeks. “We are in a pre-9/11 moment when it comes to cybersecurity,” he said Tuesday during a Center for Strategic and International Studies event, comparing jurisdictional barriers that prevented the U.S. from “connecting the dots” in advance of the 9/11 terrorist attacks to the lack of liability protections to encourage information sharing. McCaul said his bill would echo some aspects of the information sharing legislative proposal the White House released in January, which would also focus private sector-to-government information sharing at DHS’ National Cybersecurity and Communications Integration Center (NCCIC), but also includes what he said are more “robust” liability protections than the White House offered. McCaul’s bill would provide legal “safe harbors” for government-to-industry and company-to-company information sharing in addition to the protections the White House proposed for industry-to-government information sharing. McCaul said he supports also providing liability protections to companies that share with the NSA -- the main goal of the controversial Cyber Intelligence Sharing and Protection Act (HR-234) and the Cybersecurity Information Sharing Act -- but maintained that DHS should be the primary hub for private sector information sharing. The Senate Intelligence Committee was expected to release the text Tuesday of the latest iteration of CISA, which it approved 14-1 Thursday. The House Intelligence Committee is expected to mark up a bill similar to CISA, which McCaul said would be more difficult to pass than his bill. McCaul said he remains concerned that former NSA contractor Edward Snowden’s leaks about controversial NSA surveillance programs will continue to impede progress on information sharing legislation in this Congress, even though his bill would require information shared via DHS to be “thoroughly scrubbed” of personally identifiable information not directly linked with cyber risks.