Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee
July 9, 2014
The Senate Select Committee on Intelligence voted Tuesday to approve a controversial cybersecurity bill known as the Cyber Information Sharing Act (CISA). The bill is intended to help companies and the government thwart hackers and other cyber-intrusions. The bill passed by a 12-3 vote, moving it one step closer to a floor debate.
Lawmakers have been struggling for years to move cybersecurity legislation. Civil liberties advocates have opposed CISA, arguing that it fails to adequately shield Americans’ privacy. Proponents of the bill say it will help stop attacks by encouraging data-sharing between businesses and the government. The bill achieves data-sharing by protecting businesses from lawsuits if they voluntarily disclose cyberthreat details for the purpose of assisting government or industry partners.
Last year a similar cybersecurity bill, the Cyber Information Sharing and Protection Act (CISPA) passed the House, but it was met with substantial opposition over a perceived lack of privacy protections. Opponents of CISA are already drawing comparisons between it and CISPA.
According to a statement released by Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) and Vice Chairman Saxby Chambliss (R-Ga.), CISA includes the following features:
- Requires the director of national intelligence to increase the sharing of classified and unclassified cyber threat information to the private sector, consistent with the protection of sources and methods.
- Authorizes individuals and companies to monitor their own computer networks and those of their consenting customers for cyber threats and to implement countermeasures to block those threats.
- Authorizes the voluntary sharing of cyber threat information by individuals and companies with each other and with the government. Such sharing is for cybersecurity purposes only and companies must take appropriate measures to protect against the sharing of personally identifying information.
- Puts in place liability protections for individuals and companies that appropriately monitor their networks or share cyber information.
- Requires federal government procedures for the receipt, sharing and use of cyber information. This includes the establishment of a “portal” managed by the Department of Homeland Security through which electronic cyber information will enter the government and be shared with other appropriate federal entities.
- Limits the government’s ability to use information it receives to cyber-related purposes to ensure it does not engage in inappropriate investigations or regulation.
- Requires reports on the implementation of these authorities by the heads of federal departments, the Privacy and Civil Liberties Oversight Board and relevant inspectors general.