Cybersecurity

DHS secretary backs cyber liability protections

Liability protection for private companies is a crucial element to improving the U.S. cybersecurity posture, a top administration official told lawmakers Thursday.

Homeland Security Secretary Jeh Johnson endorsed the idea of a legal safe harbor in multiple comments before a House Appropriations subcommittee.

{mosads}“That is something we support doing,” Johnson said during the hearing. “If we are to make significant advances here, some kind of liability protection provided by Congress is appropriate. I’m a big proponent of that.”

Lawmakers are working on three bills to boost data-sharing about cyber threats between the public and private sectors, and all three include some form of liability protection.

The measures are being offered by the Senate Intelligence, House Intelligence and House Homeland Security Committees.

Two of the three bills would make the Department of Homeland Security (DHS) the primary interface for data exchange. The third would leave it to the White House to decide, which would likely result in the same outcome.

Greater threat-sharing is a top priority for lawmakers, industry groups and government officials.

Johnson praised lawmakers for advancing legislation that would “codify the role of DHS” in the process, and warned that even the most knowledgeable private companies are vulnerable to cyberattacks.

“If an individual employee is vulnerable to an act of spear-phishing, that can lead to a major, major intrusion,” he said. “I’ve seen that happen in the most sophisticated government agencies and in the private sector.”