With the potential to bring big changes for businesses, a bill that would encourage companies to share data about cyberthreats with the government moved out of a Senate committee for consideration by the full Senate.
The Cyber Information Sharing Act (CISA) was passed in a 12-3 vote by the Senate Select Committee on Intelligence despite opposition from privacy advocates concerned about the sharing of data.
Backers of the bill argue that the creation of a safe harbor for businesses that voluntarily disclose cyberthreats for the purpose of assisting government or industry partners will thwart hackers and other cybercrime and that appropriate privacy protections have been built into the legislation.
The bill was introduced by Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.) in response to what they called the “massive and growing” threat from cyberattacks on retailers and banks.
Information sharing would work both ways under the legislation. The director of national intelligence would increase the sharing of both classified and unclassified cyberthreats with the private sector, while businesses would be encouraged to voluntarily pass along data with other companies and the government.
“To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them,” Sen. Feinstein said in a statement after the bill was approved by the committee. “This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information.”
To read the CISA, click here.
Why it matters: The bill now moves before the full Senate for consideration with significant backers – and opposition. Groups like the Retail Industry Leaders Association and the American Bankers Association voiced their support, while privacy organizations, including the Electronic Frontier Foundation and the American Civil Liberties Union, expressed concern about the potential for government use of the data for purposes other than cybersecurity.