A bill to provide the authority to monitor and defend against cyber threats, to improve the sharing of cybersecurity information, and for other purposes.
Cybersecurity Information Sharing Act of 2012 - Authorizes private entities to monitor information systems for cybersecurity threats and operate countermeasures for protection, including the information systems of third parties authorizing such measures.
Allows private entities to disclose lawfully obtained cybersecurity threat indicators to any other private entity, provided that the entities: (1) make efforts to safeguard information that can be used to identify specific persons, (2) comply with lawful use or disclosure restrictions, (3) not use the indicators to gain an unfair competitive advantage, and (4) use the indicators only for the purpose of protecting against or mitigating cybersecurity threats.
Directs the Secretary of Homeland Security (DHS) to establish processes and procedures for: (1) designating appropriate federal and non-federal entities as cybersecurity exchanges, (2) sharing classified and unclassified cybersecurity threat information with designated cybersecurity exchanges and other appropriate entities, and (3) identifying certified entities to receive such classified information.
Directs the Secretary to designate a federal entity as the lead cybersecurity exchange for cybersecurity information sharing among federal entities and with non-federal entities.
Allows a non-federal entity to disclose lawfully obtained cybersecurity threat information to an exchange.
Requires the Secretary to develop policies and procedures that govern a federal entity's receipt, retention, use, and disclosure of cybersecurity threat information in a manner that minimizes the impact on privacy and civil liberties. Directs: (1) the Secretary and the Attorney General (DOJ) to establish a mandatory program to oversee compliance with such policies and procedures, and (2) the heads of federal entities to develop and enforce appropriate sanctions for officers, employees, or agents of the federal entities who conduct prohibited activities.
Provides legal protections for entities engaged in cybersecurity monitoring activities, including a good faith defense.
Committee on Homeland Security and Governmental Affairs. Hearings held. Hearings printed: S.Hrg. 112-524.
Upon reconsideration, cloture on the bill not invoked in Senate by Yea-Nay Vote. 51 - 47. Record Vote Number: 202. (consideration: CR S6784; text: CR S6784)
Introduced in Senate
Sponsor introductory remarks on measure. (CR S568-569)
Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
checking server…
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line