Cybersecurity or surveillance? What does the language attached at the last minute to the 2,009 page omnibus government funding bill actually authorize? In this episode, we take a close look at what just became law.   Please support Congressional Dish: Click here to contribute with PayPal or Bitcoin; click the PayPal "Make it Monthly" checkbox to create a monthly subscription Click here to support Congressional Dish for each episode via Patreon Mail Contributions to: 5753 Hwy 85 North #4576 Crestview, FL 32536 Thank you for supporting truly independent media! Cybersecurity Act of 2015 The Cybersecurity Act of 2015 was attached at the last minute to the "omnibus" government funding bill, which was 2,009 pages long and available to read for less than three days before it became law. This is and outline of what became law: TITLE I: Cybersecurity Information Sharing Act of 2015 Section 102: Definitions "Agency": "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of Government" Does NOT include the Government Accountability Office, Federal Election Commission, or Government-owned contractor-operated facilities "Cybersecurity threat": An action that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system". "Cyber threat indicator": "Information that is necessary to describe or identify"... Spying, including strange patterns of communications that appear to be collecting technical information Security breaches Security vulnerabilities A legitimate user being used to defeat a security system Malicious cyber command and control "The actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat" "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law" "Non-Federal entity": "Any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)" Does not include a foreign power, as defined in the FISA law Section 103: Sharing of Information by the Federal Government Procedures for sharing information both within and outside the Federal government will be created by: Director of National Intelligence Secretary of Homeland Security Secretary of Defense Attorney General The procedures developed must... Allow real time sharing of information Include requirements for the government to protect the information from unauthorized access Require Federal entities to review cyber threat indicators for information not directly related to the threat that contains information that identifies a specific individual and remove the information Include procedures for notifying "any United States person" whose information has been shared by the Federal government Section 104: Authorizations for Preventing, Detecting, Analyzing, and Mitigating Cybersecurity Threats "A non-Federal entity may... share with, or receive from, any other non-Federal entity or the Federal Government a cyber threat indicator or defensive measure" Non-Federal entities sharing information mush "review" the information for "personal information of a specific individual" and "remove such information" OR have a technical way of removing the information it "knows at the time of sharing" to be personal information. Use of Cyber Threat Indicators by Government State, tribal, or local governments and the Federal Government can use the information they receive for... Cybersecurity Preventing a specific threat of death, serious bodily harm, or specific threat of serious economic harm Investigating, prosecuting, and preventing serious