Cybersecurity Information Sharing Act of 2015
Requires the Director of National Intelligence (DNI), the Department of Homeland Security (DHS), the Department of Defense (DOD), and the Department of Justice (DOJ) to develop and promulgate procedures to promote: (1) the timely sharing of classified and declassified cyber threat indicators in possession of the federal government with private entities, non-federal government agencies, or state, tribal, or local governments; (2) the sharing of unclassified indicators with the public; and (3) the sharing of cybersecurity threats with entities to prevent or mitigate adverse effects.
Permits private entities to monitor, and operate defensive measures to detect, prevent, or mitigate cybersecurity threats or security vulnerabilities on: (1) their own information systems; and (2) with authorization and written consent, the information systems of other private or government entities.
Allows entities to share and receive indicators and defensive measures with other entities or the federal government.
Requires the federal government and entities monitoring, operating, or sharing indicators or defensive measures: (1) to utilize security controls to protect against unauthorized access or acquisitions, and (2) prior to sharing an indicator, to remove personal information of or identifying a specific person not directly related to a cybersecurity threat.
Permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to: (1) an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction; or (2) crimes involving serious violent felonies, fraud and identity theft, espionage and censorship, or trade secrets.
Directs DOJ to promulgate: (1) procedures relating to the receipt of indicators and defensive measures by the federal government, and (2) guidelines to limit the retention or dissemination of personal or identifying information. Requires such procedures to include appropriate sanctions for federal officers, employees, or agents who conduct unauthorized activities.
Directs DHS to develop a process within DHS for the federal government to: (1) accept cyber threat indicators and defensive measures from any entity in real time, and (2) ensure that appropriate federal entities receive the shared indicators in an automated manner through that real-time process.
Requires the DHS capability to be the process by which the federal government receives indicators and defensive measures under this Act that are shared by a private entity with the federal government through electronic mail or media, an interactive Internet website form, or a real-time, automated process between information systems except: (1) communications between a federal entity and a private entity regarding a previously shared cyber threat indicator, and (2) communications by a regulated entity with such entity's federal regulatory authority regarding a cybersecurity threat.
Prohibits DHS's process from limiting lawful disclosures of communications, records, or other information to: (1) report known or suspected criminal activity, (2) participate in a federal investigation voluntarily or upon being legally compelled, or (3) provide indicators or defensive measures as part of a statutory or authorized contractual requirement.
Authorizes indicators and defensive measures to be disclosed to, retained by, and used by, consistent with otherwise applicable federal law, any federal agency or federal government agent solely for:
Prohibits indicators and defensive measures provided to the government from being directly used by government agencies to regulate the lawful activities of an entity.
Provides liability protections to entities acting in accordance with this Act that: (1) monitor information systems, or (2) share or receive indicators or defensive measures, provided that the manner in which an entity shares any indicators or defensive measures with the federal government is consistent with specified procedures and exceptions set forth under the DHS sharing process.
Prohibits this Act from being construed to permit the federal government to require an entity to provide information to the federal government.
Amends the National Defense Authorization Act for Fiscal Year 2013 to authorize DOD to share with other federal entities information reported by a cleared defense contractor regarding a penetration of network or information systems.
| Action Date | Type | Text | Source |
|---|---|---|---|
| 2015-10-28 | Floor | Held at the desk. | House floor actions |
| 2015-10-28 | Floor | Message on Senate action sent to the House. | Senate |
| 2015-10-28 | Floor | Received in the House. | House floor actions |
| 2015-10-27 | Vote | Passed Senate with an amendment by Yea-Nay Vote. 74 - 21. Record Vote Number: 291. (text: CR S7522-7534) | Senate |
| 2015-10-27 | Floor | Cloture motion on the measure withdrawn by unanimous consent in Senate. (consideration: CR S7520) | Senate |
| 2015-10-27 | Floor | Considered by Senate. (consideration: CR S7498-7510, S7510-7522) | Senate |
| 2015-10-22 | Floor | Considered by Senate. (consideration: CR S7430-7439, S7441-7445) | Senate |
| 2015-10-21 | Floor | Considered by Senate. (consideration: CR S7374-7406, S7407-7408) | Senate |
| 2015-10-20 | Floor | Cloture motion on the measure presented in Senate. (consideration: CR S7342; text: CR S7342) | Senate |
| 2015-10-20 | Floor | Measure laid before Senate by unanimous consent. (consideration: CR S7332-7342) | Senate |
| 2015-08-05 | Floor | Cloture motion on the motion to proceed to the measure withdrawn by unanimous consent in Senate. (consideration: CR S6342) | Senate |
| 2015-08-05 | Floor | Motion to proceed to measure considered in Senate. (consideration: CR S6329-6348, S6350-6351; text: CR S5329) | Senate |
| 2015-08-04 | Floor | Motion to proceed to measure considered in Senate. (consideration: CR S6256, S6257-6262, S6263-6264, S6266-6267, S6271-6272, S6279) | Senate |
| 2015-08-03 | Floor | Cloture motion on the motion to proceed to consideration of the measure presented in Senate. (consideration: CR S6228; text: CR S6228) | Senate |
| 2015-08-03 | Floor | Motion to proceed to consideration of measure made in Senate. (consideration: CR S6228) | Senate |
| 2015-04-15 | Floor | By Senator Burr from Select Committee on Intelligence filed written report. Report No. 114-32. Additional views filed. | Senate |
| 2015-03-17 | Calendars | Placed on Senate Legislative Calendar under General Orders. Calendar No. 28. | Senate |
| 2015-03-17 | Committee | Select Committee on Intelligence. Original measure reported to Senate by Senator Burr. Without written report. | Senate |
| 2015-03-17 | IntroReferral | Introduced in Senate | Library of Congress |