Cybersecurity Information Sharing Act of 2014: What does it allow?

Lowndes
Contact
LinkedIn
Facebook
X
Send
Embed

[author: Kyle Marcil - Student Law Intern]

The Cybersecurity Information Sharing Act of 2014 was created to identify and share cyber threat indicators, which are pieces of information necessary to describe or identify “malicious reconnaissance;” a method of defeating a security control; security vulnerabilities; malicious cyber command; or any other cyber security threat.

The act requires the Director of National Intelligence, Secretary of Homeland Security, Secretary of Defense, and the Attorney General to develop and promote procedures for handling and sharing classified and declassified cyber threat indicators. These procedures will be used to provide private entities as well as government officials a means of collecting and monitoring cyber threats. The Act also calls for a procedure to make unclassified cyber threats available to the public.

Private entities are permitted to monitor and operate countermeasures to prevent cyber threats. In addition, private entities will be allowed to share these cyber threat indicators with other private entities and the federal government. The private entities are also tasked with creating countermeasures to cyber threats.

However, the Act limits the government from using the indicators to regulate lawful activity and prevents the government from requiring an entity to provide information.

Each federal agency is tasked with developing procedures to aid in the joint effort against cyber threats. The Attorney General must develop tracking procedures and explain limits to protect civil liberties and privacy. The Department of Homeland Security (DHS) Secretary must provide an electronic sharing database and notice to the public.

All federal entities must report to Congress at least every two years to assess the impact on privacy and civil liberties; review the appropriateness of their actions; and describe government violations. Additionally, the Department of National Intelligence must report to Congress its assessment of the current intelligence sharing issues; a list of countries or non-state actors that pose possible threats; a description of the U.S.’s response and prevention capabilities to a cyber-threat; and possible enhancements that can be made to improve the defense against cyber threats.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Lowndes | Attorney Advertising

Written by:

Lowndes
Lowndes
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Lowndes on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide