Dec 27, 2015
Cybersecurity or surveillance? What does the language attached at the last minute to the 2,009 page omnibus government funding bill actually authorize? In this episode, we take a close look at what just became law.
Thank you for supporting truly independent media!
The Cybersecurity Act of 2015 was attached at the last minute to the "omnibus" government funding bill, which was 2,009 pages long and available to read for less than three days before it became law. This is and outline of what became law:
"Agency": "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of Government"
"Cybersecurity threat": An action that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system".
"Cyber threat indicator": "Information that is necessary to describe or identify"...
"Non-Federal entity": "Any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)"
Section 103: Sharing of Information by the Federal Government
Procedures for sharing information both within and outside the Federal government will be created by:
The procedures developed must...
Use of Cyber Threat Indicators by Government
State, tribal, or local governments and the Federal Government can use the information they receive for...
Information shared will be "exempt from disclosure under any provision of State, tribal, or local freedom of Information law, open government law, sunshine law, or similar law requiring disclosure of information or records"
Section 105: Sharing of Cyber Threat Indicators and Defensive Measures with the Federal Government"
Policies will be written by...
Policies must create a way to share information "in an automated manner with all of the appropriate Federal entities"
Information shared with the Federal Government will go to the Department of Homeland Security
Information shared with the Federal government can not be used to regulate the lawful activities of any non-Federal entity
Section 106: Protection from Liability
Section 107: Oversight of Government Activities
Section 108: Construction and Preemption
Section 109: Report on Cybersecurity Threats
Section 203: Information Sharing Structure and Processes
The National Cybersecurity and Communications Integration Center will implement the procedures for sharing information that are created by Title I (view this mark-up of the Homeland Security Act of 2002 to see changes made by this provision)
Adds functions to the National Cybersecurity and Communications Integration Center including...
Adds tribal governments and private entities to the list of entities that will have representatives in the National Cybersecurity and Communications Integration Center
Adds protection from information "disclosure" to list of the Center's principles
Orders the Center to work with the "Privacy Officer" to make sure the Center follows the policies and procedures created by the Attorney General and Secretary of Homeland Security.
The Center will be in charge of creating the automated system for information sharing.
The Center may partner directly with any "consenting non-Federal entity" for the purpose of sharing "cyber threat indicators"
Orders the Center to publicly publish information on how to share information with the Center within 60 days of enactment
Sections 206-209: Reports that will expire after 7 years
Section 223: Improved Federal Network Security
Section 225: Federal Cybersecurity Requirements
Section 229: Direction to Agencies
Section 303: National Cybersecurity Workforce Measurement Initiative
Section 401: Study on Mobile Device Security
Section 402: Department of State International Cyberspace Policy Strategy
Section 403: Apprehension and Prosecution of International Cyber Criminals
Section 404: Enhancement of Emergency Services
Section 405: Improving Cybersecurity in the Health Care Industry
Article: Meet the Lobbyists and Big Money Interests Pushing to End the Oil Exports Ban by Steve Horn, DeSmogBlog, December 16, 2015.
Article: 9 Heinous Items Sneaked Into the Budget Bill Congress Doesn't Want You to See by Tom Cahill, U.S. Uncut, December 19, 2015.
Article: Hospitality and Gambling Interests Delay Closing of Billion-Dollar Tax Loophole by Eric Lipton and Liz Moyer, New York Times, December 20, 2015.
Article: The CISA Secret to Cybersecurity that No One Seems to Get by Mike Gault, Wired, December 20, 2015.
Design by Only Child Imaginations