Tom Cotton said "Mr. President, today I speak in support of the Cotton amendment to the Cybersecurity Information Sharing Act. My amendment is straightforward. It simply would provide liability protection to any business or other private organization that shares cyber threat indicators to the FBI or the Secret Service. In its current form, the Cybersecurity Information Sharing Act would require entities to submit these cyber threat indicators through a portal created and run by the Department of Homeland Security in order to receive liability protection. But there are also two exceptions that would allow entities to receive liability protection outside the DHS portal: first, if a submission was related to a previously shared cyber threat indicator, and second, if the submitting entity is sharing information with its Federal regulatory authority. But not every private entity has a Federal regulatory authority, thank goodness, so where a cable company can share with the FCC or an energy company can go to the Department of Energy or FERC, other businesses are forced to go to the DHS portal. Good examples are retailers such as JCPenney, Walmart, Target, and Home Depot. When the trade associations for two victims of the biggest cyber attacks in recent memory--Target and Home Depot--are pleading for this language, we should take notice and incorporate it. Anything else would be unfair, inequitable, and unwise. We ought to give these companies an alternative to the DHS portal.…" @ PoliticalQuotes.com

On the recordOctober 27, 2015

Mr. President, today I speak in support of the Cotton amendment to the Cybersecurity Information Sharing Act. My amendment is straightforward. It simply would provide liability protection to any business or other private organization that shares cyber threat indicators to the FBI or the Secret Service. In its current form, the Cybersecurity Information Sharing Act would require entities to submit these cyber threat indicators through a portal created and run by the Department of Homeland Security in order to receive liability protection. But there are also two exceptions that would allow entities to receive liability protection outside the DHS portal: first, if a submission was related to a previously shared cyber threat indicator, and second, if the submitting entity is sharing information with its Federal regulatory authority. But not every private entity has a Federal regulatory authority, thank goodness, so where a cable company can share with the FCC or an energy company can go to the Department of Energy or FERC, other businesses are forced to go to the DHS portal. Good examples are retailers such as JCPenney, Walmart, Target, and Home Depot. When the trade associations for two victims of the biggest cyber attacks in recent memory--Target and Home Depot--are pleading for this language, we should take notice and incorporate it. Anything else would be unfair, inequitable, and unwise. We ought to give these companies an alternative to the DHS portal.…

Said by

Tom Cotton

Republican · Arkansas

Source

Congressional Record · 2015-10-27