Cyber breach legislation may come slowly, but will eventually become law

Legislation that permits sharing cyber breach information eventually will become law, even it does not happen in the near future, experts say.

Julian Sanchez, a research fellow with the Cato Institute in Washington, said, “While it does seem like the Senate is not in a huge hurry to take this up,” at “some point, some version of this is going to come back.”

Gerald J. Ferguson, a partner with law firm Baker & Hostetler L.L.P. in New York, said the proposed the Cyber Intelligence Sharing and Protection Act “is critical for the administration in advancing the goals that it announced in the State of the Union address and the cyber security executive order,” which the administration issued in February.

“It's a framework to permit sharing of information on cyber risks between the government and key industry players, and without this piece in place, I don't see how the administration is going to be able to accomplish its broader goals in terms of developing a national cyber security strategy,'' Mr. Ferguson said. “So I think the administration is going to hold its nose a little bit and sign a bill, even if they would prefer greater protection for civil liberties.”

David LeDuc, senior director of public policy for the Washington-based Software and Information Industry Association, said: “Something has to get done. Everybody realizes this is something we have to do.”