Painful hacks lead to Senate passage of controversial cybersecurity bill
October 28, 2015 | By
Barbara Vergetis Lundin
Yesterday afternoon, the United States Senate voted 74 to 21 to pass the Cybersecurity Information Sharing Act (CISA), which would allow companies to share cybersecurity threats with the Department of Homeland Security, the FBI and NSA.
The vote paves the way for the legislation to be signed into a law that would allow Homeland Security and others to use the information to defend a target company and other companies facing similar attacks. The passage was fueled, in part, by a massive hack of the Office of Personnel Management (OPM), among others like Anthem/Blue Cross and Sony, over the last year. CISA, as passed, included all five key steps of the bipartisan Collins-Warner bill, introduced by Senators Susan Collins (R-ME) and Mark Warner (D-VA) in June 2015 following the cyber attack at OPM -- bolstering the Department of Homeland Security's authority to protect federal civilian networks. "The attack on OPM has been a painful example of how behind-the-curve many federal agencies have become when it comes to effective cybersecurity," Senator Warner, who is also a member of the Senate Select Committee on Intelligence, said. "These breaches allowed cyber attackers to access personal information of more than 22 million federal employees and others. If we want to be better prepared to meet this threat in the future, we have to make sure that the Department of Homeland Security has the tools it needs to adequately secure our federal civilian networks. This bipartisan amendment empowers DHS to deploy effective tools to better ensure that government agencies are properly protected." The U.S. investor-owned utility industry commended the passing of S. 754. "The electric power sector already engages in significant information-sharing activities and has in place mandatory and enforceable reliability and cybersecurity standards," said Tom Kuhn, president of the Edison Electric Institute (EEI), the organization representing U.S. investor-owned utilities. "Still, there remains a great need for the government and industry to better share actionable security information in a timely and confidential manner." Retailers, like utilities, have a huge stake in this as well and are, not surprisingly, also urging swift action in getting the legislation signed into law. "Today was a win for retailers and those committed to stepping up the fight against overseas hackers and cyber thieves targeting American businesses and our customers. Cyber-attacks are not going away; in fact, hackers are only growing more sophisticated in their ability to attack businesses, institutions, and governments," said Nicholas Ahrens, vice president of privacy and cybersecurity for the Retail Industry Leaders Association (RILA). "Common-sense legislation that gives businesses the tools and legal protections needed to share cyber-threat indicators is a step in the right direction to thwart future attacks. We urge Congress to finish the job and get this legislation to the President's desk as quickly as possible." Despite the support, the bill has its opponents who cite privacy concerns, claiming the CISA a "surveillance" bill for the government. Senate Select Committee on Intelligence (SSCI) Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-Calif.) dispute this claim in a recently released fact sheet based mainly on the idea that all information sharing under the bill is completely voluntary. "The bill approved offers a constructive framework for bi-directional information sharing that will strengthen America's cyber defenses. We hope the Senate and House of Representatives will work together quickly to pass a cybersecurity bill into law that will enable businesses to work together to prevent cyberattacks," said CTIA-The Wireless Association Vice President of Government Affairs Jot Carpenter. "We believe that CISA provides a framework necessary to foster even more meaningful information sharing while maintaining the proper balance between liability and privacy protections." For more: © 2015 FierceMarkets, a division of Questex, LLC. All rights reserved. |