The 9/11 Commission is calling on Sen. Majority Leader Harry Reed (D-Nev.) to get cybersecurity legislation passed before the end of this Congress.
The commission reconvened earlier this year and released a report in July assessing the state of national security a decade after issuing the initial report.
"With our adversaries’ cyber-capabilities growing stronger each day, the time to act is now," wrote Gov. Thomas Kean and Congressman Lee Hamilton, chair and vice chair of the commission on behalf of the commission. "A growing chorus of national-security experts describes the cyber domain as the battlefield of the future. Yet, in the words of one former principal with whom we spoke, 'we are at September 10 levels in terms of cyber preparedness.' That is alarming."
They urged the passage of S. 2588, the Cybersecurity Information Sharing Act of 2014, which passed out of the Senate Intelligence Committee by a vote of 12 to 3.
The bill allows for public-private cybersecurity info sharing, providing liability protection for companies that give that info to the government. They point out that the bill provides civil liberties protections, including requiring companies to remove personal information before sharing the info and the Attorney General to come up with privacy and civil liberties guidelines. To the extent those are insufficient, they say, the House can add some more in conference after the Senate passes the bill.
The legislation directs the Department of Homeland Security to oversee a "portal" through which cyber information will be shared with other federal entities. Government use of that information is limited to cyber threats and cannot include "inappropriate investigations or regulation." The collection will be subject to review by relevant Inspector Generals and the Privacy and Civil Liberties Oversight Board.