Cybersecurity Information Sharing Act - Is It Enough?
On October 27, 2015, the Senate passed the long-awaited Cybersecurity Information Sharing Act (CISA) by a vote of 74-21. CISA is designed to help prevent massive data breaches of customer information by providing liability protection to businesses if they share their breach information with the government, namely the Department of Homeland Security. Earlier this year the House passed two other cybersecurity bills, The National Cybersecurity Protection Act and the Protecting Cyber Network Act. Despite their differences, many in Congress believe the three bills are close enough to merge into one compromise cybersecurity bill that the President will sign.
While most agree that CISA is a good start, many question whether the bill will go far enough in providing consumer data protections against network breaches. There are a few issues that this legislation creates and fails to address. One of the greatest is that this information sharing is voluntary, so companies don’t have to participate. If they do participate in sharing their information with the government and competitors, they would share it through an information warehouse maintained by the Department of Homeland Security. In order to receive liability protection, companies would have to ensure that the data sent to the warehouse doesn’t contain any personally identifiable information. (If the company gets that wrong, it could be without legal protection.) Then, the DHS will compile the information and send out alerts or threat indicators on hackers and other breach activities. As of now, the bill requires that the DHS hand over the threat indicators to other government agencies like the FBI and NSA. This creates another issue for companies, specifically internet companies, who are concerned that their customers will see this as just an extension of government surveillance programs due to the vague definitions around who accesses the information and how it is used.
With the hostile discourse in Congress, it speaks volumes about the gravity of our cybersecurity issues when Congress and the President agree on something and actually pass legislation. So, regardless of the flaws in CISA, at least we’re on the right track in creating a platform for businesses to operate in an ever-changing cyber world.