S.2102 - Cybersecurity Information Sharing Act of 2012112th Congress (2011-2012)
|Sponsor:||Sen. Feinstein, Dianne [D-CA] (Introduced 02/13/2012)|
|Committees:||Senate - Homeland Security and Governmental Affairs|
|Latest Action:||Senate - 02/13/2012 Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Summary: S.2102 — 112th Congress (2011-2012)All Information (Except Text)
Introduced in Senate (02/13/2012)
Cybersecurity Information Sharing Act of 2012 - Authorizes private entities to monitor information systems for cybersecurity threats and operate countermeasures for protection, including the information systems of third parties authorizing such measures.
Allows private entities to disclose lawfully obtained cybersecurity threat indicators to any other private entity, provided that the entities: (1) make efforts to safeguard information that can be used to identify specific persons, (2) comply with lawful use or disclosure restrictions, (3) not use the indicators to gain an unfair competitive advantage, and (4) use the indicators only for the purpose of protecting against or mitigating cybersecurity threats.
Directs the Secretary of Homeland Security (DHS) to establish processes and procedures for: (1) designating appropriate federal and non-federal entities as cybersecurity exchanges, (2) sharing classified and unclassified cybersecurity threat information with designated cybersecurity exchanges and other appropriate entities, and (3) identifying certified entities to receive such classified information.
Directs the Secretary to designate a federal entity as the lead cybersecurity exchange for cybersecurity information sharing among federal entities and with non-federal entities.
Allows a non-federal entity to disclose lawfully obtained cybersecurity threat information to an exchange.
Requires the Secretary to develop policies and procedures that govern a federal entity's receipt, retention, use, and disclosure of cybersecurity threat information in a manner that minimizes the impact on privacy and civil liberties. Directs: (1) the Secretary and the Attorney General (DOJ) to establish a mandatory program to oversee compliance with such policies and procedures, and (2) the heads of federal entities to develop and enforce appropriate sanctions for officers, employees, or agents of the federal entities who conduct prohibited activities.
Provides legal protections for entities engaged in cybersecurity monitoring activities, including a good faith defense.