After months of legislative deliberation, the Cybersecurity Information Sharing Act (CISA) passed the Senate vote late Tuesday. The bipartisan bill, which came out of the Senate Select Committee on Intelligence, passed with a 74-21 Senate vote and was later supported by President Obama.
CISA encourages companies to share data involving cyberattacks with the federal government. The legislation was put forward in an effort to eliminate the exponentially rising threat of cyber hacking. In essence, the bill encourages companies to share “threat-indicating” information with the Department of Homeland Security if they detect a security breach, which the government would then pass along to other companies to warn them of the attack.
Companies are not required by law to share their information with the government; however, many companies are incentivized to share information because the bill would remove all legal liabilities the company might incur from privacy regulations.
Opponents of CISA, including Apple and privacy-advocate groups, believe the legislation will open the door to unjust sharing of citizens’ personal data. Amendments were put forward that would stipulate stringent restrictions on the type of information shared with the government; however, they were rejected by the Senate during deliberations.
Despite the nation’s current spotlight on cyber security breaches, the motion for an information sharing bill did not originate with CISA. In 2012, a similarly oriented Cyber Intelligence Sharing and Protection Act (CISPA) was proposed and blocked by a Democrat-controlled Senate. The current Republican-controlled Senate, in addition to the slew of major cyber security breaches over the past two years, has now paved the way for the approval of this cyber-sharing legislation.
CISA co-sponsors Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) also included measures in the bill that would update – and thereby increase — the Department of Homeland Security’s role in governing cybersecurity. These measures would renovate the DHS’s 12-year-old Federal Information Security Management Act (FISMA) that defines the framework for protecting government information from external threats.
Next steps for the bill involve harmonizing the Senate’s legislation with the bill passed by the House earlier this year.