WASHINGTON, D.C. — U.S. Senators Gary Peters (D-MI), Ranking Member of the Homeland Security and Governmental Affairs Committee, and Mike Rounds (R-SD) have introduced the Protecting America from Cyber Threats Act, a bipartisan bill to renew critical cybersecurity provisions that expired on September 30th. The bill seeks to reauthorize a law that has been in place for ten years that enables private companies to voluntarily share cybersecurity threat indicators – such as malware signatures, software vulnerabilities, and malicious IP addresses – with the Department of Homeland Security (DHS). This collaboration has helped prevent data breaches, protected personal information, and strengthened the federal government’s ability to respond to cyberattacks from foreign adversaries and criminal networks.
“This bipartisan bill renews a proven framework that has helped defend critical networks at our hospitals, financial systems, and energy grids from cyberattacks for a decade,” said Senator Peters. “We must quickly renew these longstanding cybersecurity protections that encourage companies to voluntarily share information about cybersecurity threats with the federal government to ensure we are prepared to defend our national and economy security against relentless attacks from cybercriminals and foreign adversaries.”
“The Cybersecurity Information Sharing Act of 2015 has been instrumental in strengthening our nation’s cyber defenses by enabling critical information sharing between the private sector and government,” said Senator Rounds. “The lapse in this legislation due to the government shutdown leaves our nation vulnerable to cyber attacks. Our legislation would extend these provisions for an additional 10 years.”
The Protecting America from Cyber Threats Act would renew cybersecurity liability protections that encourage private companies to voluntarily share information about cybersecurity threats, providing valuable insights into malicious cyber activities and strengthening our nation’s ability to respond to cyberattacks. This legislation builds on a 2015 bipartisan law that has helped address cyberattacks like SolarWinds, Volt Typhoon and Salt Typhoon, and to alert federal agencies to ongoing attacks from the governments of Russia, China, Iran, North Korea, and other attackers. The legislation also includes comprehensive privacy protections to prevent individuals’ personally identifiable information (PII) from being included in threat information reports.
When private companies share alerts about security flaws and cyberattacks, they help the federal government prevent attacks from spreading further and provide support to victims. This threat information is also often shared widely with state and local governments, and critical infrastructure operators to ensure that communities across the country and businesses across a range of industries are informed of cybersecurity threats and can take action to protect their networks.
The bipartisan bill is supported by Airlines for America, American Gas Association, Bank Policy Institute, Business Roundtable, Business Software Alliance, Chamber of Commerce, Edison Electric Institute, National Association of Manufacturers, National Retail Federation, USTelecom, and more. To see the full list of stakeholder support, click here.
Full bill text is available here.
In his role on the Homeland Security and Governmental Affairs Committee, Peters has led efforts to ensure our nation is better prepared to defend against cyberattacks. His historic, bipartisan provision to require critical infrastructure owners and operators to report if they experience a substantial cyberattack or if they make a ransomware payment was signed into law. Peters’ bipartisan bills to enhance cybersecurity assistance to K-12 educational institutions, bolster cybersecurity for state and local governments, strengthen the federal cybersecurity workforce, and help secure federal information technology supply chains have also been signed into law.
###