Security is on the agenda from coast to coast this week.
Cybersecurity information sharing legislation will hit the House floor this week. H.R. 1731, the National Cybersecurity Protection Advancement Act was reported out of the House Committee on Homeland Security on April 17, and H.R. 1560, the Protecting Cyber Networks Act was moved by the House Permanent Select Committee on Intelligence on April 13. The two bills will likely be merged before coming to a vote. Similar to the Cybersecurity Information Sharing Act moving through the Senate – the most recent version of which, S. 754, was reported out of the Senate Select Committee on Intelligence in March – both House bills authorize and provide liability protections for companies to, for cybersecurity purposes, monitor their networks and share information on cybersecurity threats with both the government and other private companies. The bills also authorize the use of defensive measures to protect networks from malicious threats, though they contain limits designed to restrict so-called “hack back” techniques.
Both bills include privacy protections designed to safeguard personal information and restrict companies from sharing it with either the government or other private entities, but some privacy advocates are still concerned about the adequacy of these safeguards. Privacy has remained a hot-button issue surrounding cyber information sharing legislation since Edward Snowden’s exposure of the National Security Agency’s bulk collection of telephone metadata and PRISM surveillance program.
And, the RSA Conference -- "where the world talks security" -- opens today in San Francisco. The conference kicks off this morning, with a keynote by RSA President Amit Yoran and another later in the day by Department of Homeland Security Secretary Jeh Johnson, but yesterday, things were already getting rolling as the Cloud Security Alliance held its CSA Summit, focusing on enterprise cloud adoption and security lessons learned. Trusted Computing Group had its panel discussion combining mobile computing, Internet of Things, and cloud security. Follow the RSA Conference blog for summaries and updates.
Thanks to Mary Lovejoy for the Washington update.