The omnibus fiscal year 2016 appropriations package has been enacted – and with it, some new language on cybersecurity and information sharing supported by the ABA.
The cybersecurity provisions in the package, H.R. 2029, were drawn from S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA), passed by the Senate on Oct. 27, and two House bills, H.R. 1560 and H.R. 1731, passed by the House in April.
The legislation encourages information sharing between private companies and the government and provides liability protection for companies that share cyber threat data with the government.
The provisions also require the Departments of Homeland Security, Defense, and Justice, and the Director of National Intelligence to create measures to share cyber threat information with governments, entities, and agencies that are affected.
House Intelligence Committee Chairman Devin Nunes (R-Calif.) said the cybersecurity and intelligence provisions in the omnibus bill are “vital for protecting America’s digital networks and for implementing the necessary funding, authorizations, and oversight for the intelligence community.”
The ABA offered Senate leaders the association’s perspective on comprehensive cybersecurity reform in June and provided five guiding principles for members of Congress to consider as they developed cybersecurity legislation.
“The ABA has long recognized that we must make it a priority to prevent unauthorized intrusions into the computer systems and networks utilized by lawyers and law firms, and we recently adopted policy calling upon all private sector organizations to maintain appropriate cybersecurity measures,” ABA Governmental Affairs Director Thomas M. Susman wrote June 1 to Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Harry Reid (D-Nev.).
The ABA principles recognize that:
• robust information sharing and collaboration is needed between government agencies and private industry to manage global cyber risks;
• public and private frameworks are essential to successfully protect United States assets, infrastructure and economic interests from cyber attacks;
• legal and policy environments must be modernized to stay ahead of, or at least keep pace with, technological advancement;
• privacy and civil liberties must remain a priority when developing cybersecurity law and policy; and
• training, education and workforce development of government and corporate leadership, technical operators and lawyers requires adequate investment and resources in cybersecurity to be successful.