The U.S. Senate recently passed the Cybersecurity Information Sharing Act (CISA), a bill that would increase cyberthreat information sharing between the government and the private sector.
CISA requires the Director of National Intelligence, the Department of Homeland Security, the Department of Defense and the Department of Justice to develop procedures to promote the timely sharing of classified and declassified cyber threat indicators in possession of the federal government with private entities, non-federal government agencies, or state, tribal, or local governments.
In addition, the bill allows private entities to share cyberthreat indicators and defensive measures with, and receive them from, other entities, including the federal government.
CISA also provides liability protections to entities that monitor and share information in accordance with the bill, “provided that the manner in which an entity shares any indicators or defensive measures with the federal government is consistent with specified procedures and exceptions set forth under the DHS sharing process.”
CISA Opposition
While the bill aims to facilitate timely cyberthreat information sharing between the private sector and the government, the bill “does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government,” according to the Computer & Communications Industry Association, a nonprofit membership organization for a wide range of companies in the computer, Internet, information technology and telecommunications industries.
“It is important to note that while appropriately constructed cybersecurity information sharing legislation can provide a more efficient regime for the voluntary sharing of appropriately limited information between the private sector and government, it is not the only means through which information sharing can occur,” CCIA says.
Tech companies including Apple, Dropbox, Yelp, reddit and Twitter have spoken out against the bill.
Next Steps
The White House has spoken in favor of CISA, stating that “an important building block for improving the nation’s cybersecurity is ensuring that private entities can collaborate to share timely cyber threat information with each other and the federal government.”
The Obama Administration supports passage of the bill, saying it will continue to work with Congress as the bill moves through the legislative process to ensure further changes are made to the bill, such as preserving the leadership of civilian agencies in domestic cybersecurity.
According to online newspaper the Daily Dot, now that CISA has passed the Senate, the two houses of Congress must meet in a conference committee to reconcile the differences between CISA and two House-passed cybersecurity bills, the Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act, and agree on final legislative language.
Is your organization prepared to assess its cybersecurity readiness? ADAPTURE will test your organization’s readiness against the Cybersecurity Framework (CSF). Our project delivery method follows the cybersecurity management program. At each point in the cycle, we address a corresponding CSF-centered focus. This framework is designed to complement, not replace or limit, an organization’s risk management process and cybersecurity program. To test your organization’s Cybersecurity Framework readiness, contact ADAPTURE today.