House passes cybersecurity bill

The measure would make it easier for private companies to share information about cybersecurity threats with one another as well as the government.

The US House of Representatives passed a bill Wednesday designed to prevent future cyber-attacks by allowing companies to share cyber threat information with each other and the government.

The Protecting Cyber Networks Act, which passed 307 to 116, would provide legal liability protections for companies that share cyber threat information. The new system is designed to act as a “real-time immune system” against hacker attacks, allowing companies to warn one another via government intermediaries about the tools and techniques of advanced hackers, according to a report from Wired.

The legislation, which follows recent high-profile attacks at places like Target and JP Morgan, must still be passed by the Senate and signed by President Barack Obama to become law. The bill is generally supported by the White House and is similar to a measure approved by the Senate Intelligence Committee and headed to a vote this spring.

Cybersecurity has been a top priority among private equity firms of late, and “reducing cyber threats is an important objective within the industry,” noted James Maloney of the Private Equity Growth Capital Council. He declined to comment on the likelihood of the bill passing in Congress.

Cybersecurity has especially been of interest as the US Securities and Exchange Commission (SEC) has continued its sweep of registered investment advisers to review their security policies. The SEC is expected to launch “phase two” of its cybersecurity sweep this summer, or October at the latest, with onsite exams and “in-depth” investigations into a few cybersecurity areas.

The vast majority of registered investment advisers now have written information security policies in place, but significantly fewer conduct periodic risk assessments on third-party vendors with access to their firms’ networks, the commission said after releasing its phase one findings.

The SEC concluded that a majority of advisers have implemented basic cybersecurity strategies – such as including a cyberattack as part of their business continuity planning – but that few firms were reporting fraudulent emails to the Financial Crimes Enforcement Network and following other advanced cybersecurity best practices.