The 2,000-plus page FY16 omnibus appropriations bill approved by Congress last week includes several “policy riders” of interest to water and wastewater systems. Among the notable additions was a compromise cybersecurity information-sharing bill that bridges the differences between House and Senate versions of cyber legislation approved by each chamber earlier this year. The final measure, known as the “Cybersecurity Information Sharing Act,” establishes voluntary procedures for computer network operators to share cyber threat information with each other and with the federal government. The bill also provides liability protections for network operators that carry out lawful activities associated with sharing information, monitoring networks for cyber threats or undertaking “defensive measures” that detect, prevent or mitigate a known or suspected cyber threat.
The cybersecurity legislation specifically lists public water utilities among the entities eligible to engage in information sharing, cyber monitoring and defensive activities. The bill also directs the federal government, when establishing processes to promote timely cyber threat information sharing, to “incorporate … existing processes and existing roles and responsibilities … for information sharing by the Federal Government, including sector specific information sharing and analysis centers.”