HR 3523 One-Pager

Summary of the Rogers-Ruppersberger Cybersecurity Bill

U.S. companies report an onslaught of Chinese cyber intrusions that steal sensitive information like merger and acquisition data, pricing information, and the results of R&D efforts. 

  • This illegally-acquired information gives Chinese companies an unfair competitive advantage against the American companies they steal it from.
  • This rampant industrial espionage costs American jobs.
  • These same vulnerabilities used to steal info can also be used to delete it, crash servers, and even conduct physical attacks on our critical infrastructure (utilities, financial networks, air traffic control).

The U.S. government has classified cyber threat intelligence that, if shared with the private sector, could help the private sector better defend its own networks, but the vast majority of the private sector doesn’t get any access to this vital data.

  • My bill would vastly improve cyber threat sharing, all while providing strong protections for privacy and civil liberties.
  • Developed in close consultation with a broad range of private sector companies, trade groups, privacy and civil liberties advocates, and the Executive Branch, and enjoys the support of virtually every sector of the economy.
  • I continue to work with all interested parties to continue to improve the bill.

Privacy Protections: 

  • Prohibits the government from tasking private sector entities to provide information to the government.
  • Encourages the private sector to “anonymize” or “minimize” information it voluntarily shares with others, including the government. 
  • Requires an independent IC Inspector General audit of information shared with the government.
  • Definitions amended to remove the term “intellectual property” to make clear that the bill is intended only to defend against attempts by advanced cyber hackers from countries like China (not American teenagers illegally downloading MP3 files).
  • Gives DHS a role by requiring it (with exceptions like protecting intelligence sources and methods) to receive a “carbon copy” of cyber information voluntarily shared with government, and makes clear that no new authorities are granted to DoD or the Intelligence Community to direct private or public cybersecurity efforts.
  • Significantly limits government’s use of information voluntarily provided by private sector, including a restriction on the government’s ability to search data.
  • Enforces the bill’s restrictions by authorizing federal lawsuits against the government for any violations of those restrictions.