THE PRECISE ACT - Establishing US Cyber Security Policy

7 02 2012

by Brad Clawson
As the Bradley Manning court martial and President Obama’s recent reference to cyber security in the State of the Union Address draw national attention to this issue, Congressional staffs have been busy developing legislation to protect American networks. The House of Representatives Homeland Security Committee is through marking up a new bill entitled “Promoting and Enhancing Cyber-security and Information Sharing Effectiveness Act” or the PRECISE ACT for short. While there are a number of bills working their way through the Congressional Subcommittees, this one is gaining momentum and may soon be put to a vote on the House Floor.
To date no substantial legislation has been passed regarding cyber-security. Fortunately, it appears bi-partisan politics does not play a significant role in this lack of activity; rather, this is a very difficult problem, and any efforts have largely remained within the Department of Defense. A key challenge to providing more effective regulation of the civilian IT infrastructure is the potential to violate personal privacy and civil liberties as government agencies become more proactive in monitoring and sharing potential threats. The PRECISE ACT attempts to minimize any potential impact while clearly establishing the government in a position of regulatory leadership. Should this bill eventually be passed into law, it would be the first public-private initiative to protect America’s networks and help facilitate widespread adoption of new standards.
Outlined below are the key aspects of the bill:
1. Department of Homeland Security (DHS) identified as the lead agency for the US non-military government agencies and the civilian sector. This will help clarify Departmental responsibility as well as provide a dedicated budget authority to support cyber security initiatives.
2. Creates a non-profit National Information Sharing Organization or NISO. This organization will be responsible for the “exchange of vital cyber-threat information, best practices and technical assistance among its private-sector and government members; create a common operating picture of the network enabled by its most sophisticated member, Internet service providers and the government.”[1]
3. The PRECISE Act will force DHS to work with the private sector and regulatory agencies to identify “internationally recognized, consensus developed risk-based performance standards to address cyber security risks.” How exactly this will be implemented remains to be seen, but analysts seem to consider this approach to be much less intrusive than other measures being prepared in the Senate.[2]
4. A specific provision to restrict sharing any “personally identifiable” information in an attempt to protect privacy.
This bill appears to be a good start in facilitating government and private enterprise efforts while minimizing implementation cost. It appears to be a more moderate version of the Cyber Intelligence Sharing and Protection Act being considered. This act would allow for greater information flow between private enterprise and government organizations. While this has the potential to provide greater discourse and threat communication, there are concerns about the unrestricted release of data. This interchange draws immediate criticism from civil liberties groups that are focused on protecting the privacy of American citizens.
While additional debate and changes are expected to occur on the PRECISE ACT, it appears it will be a leading candidate to address the widespread cyber security concerns. While it may lack the depth and more formal information sharing methods concerning attacks, it is clear that attention was given to providing a viable balance between regulation and civil liberty protection. If this approach should become law, it appears capable of driving communications and cooperation across public and private organizations.

____________
[1] Eric Chabrow, “House Panel Approves Cyber security Bill”, Bank Info Security, February 1, 2012, http://www.govinfosecurity.com/articles.php?art_id=4460 (accessed February 5, 2012).
[2] Greg Nojeim, “Lungren Cybersecurity Bill Takes Careful, Balanced Approach”, Center for Democracy and Technology, February 2, 2012, https://www.cdt.org/blogs/greg-nojeim/22lungren-cybersecurity-bill-takes-careful-balanced-approach (accessed February 5, 2012).
