Senate OKs Cybersecurity Bill Encouraging Info Sharing (Oct. 28, 2015)
The Senate has approved a cybersecurity bill that would make it easier for the private sector and governmental agencies to share information about potential cyberthreats. The Cybersecurity Information Sharing Act (CISA) passed yesterday by a vote of 74-21, after several failed attempts to advance the bill. The Senate will now conference with the House of Representatives, which passed its own companion legislation in April, to develop a combined bill and send it to President Obama’s desk to be signed into law.
First proposed in 2014, CISA encourages private companies to share information about cyberthreats with each other and the government by offering incentives, including antitrust and legal protections, to firms that do so. The bill drew wide support from payments providers and merchants, who said CISA provided the legal protections necessary to share information and safeguard against threats, especially in the midst of increasingly common and large-scale cyberattacks against retailers and financial services providers. Visa Inc. called the Senate’s passage of CISA “a significant step forward in protecting payment data networks, as well as the personal privacy of our citizens.”
But many privacy and civil liberties groups opposed the bill on the grounds that it would enable the government to gather too much personal information. And though the bill passed by a wide margin, some senators had argued for amendments to increase protections for individual privacy and provide recourse for privacy breaches. Those proposed amendments were left out of the final bill, with CISA supporters claiming privacy concerns already had been sufficiently addressed and that any further change could upset the delicate balance needed to protect privacy while also defending against cyberattacks.