Senate Cybersecurity Bill Vote Stalled Again

Following months of debate, the U.S. Senate has delayed voting on the Cybersecurity Information Sharing Act, S. 754 (CISA), ahead of its summer recess. As part of an agreement reached on Aug. 5, the Act will be back on the Hill this month and will carry a number of new amendments when it resurfaces. The bill was introduced in March.

If passed, CISA would offer incentives to organizations that shared details with the government and others concerning threat patterns or breaches they've identified. Incentives include protection from investigation and subsequent lawsuits.

But while supporters say the information provided in these exchanges would aid in the identification and protection from certain threats, privacy advocates warn that sharing large volumes of information without explicit instructions to remove personally identifiable information would do more harm than good.

Supporters point to recent cybersecurity breaches including those at the Office of Personnel Management, Target, and Sony Pictures, saying that similar events could be prevented if the victims of past incidents were incentivized to share how their defenses failed.

In a letter to President Obama in July, more than 30 organizations and technology companies asked for President Obama's commitment to veto the bill. The group said: “CISA fails to offer a comprehensive solution to cybersecurity threats. Further, the bill contains inadequate protections for privacy and civil liberties.

Additional criticisms were levied by the Department of Homeland Security (DHS), one of the government organizations that would be utilizing the information shared by organizations. The department indicated in a letter to Minnesota Senator Al Franken that the bill placed no stipulations on the quality of the information shared, making the process of sorting through shared data more complicated and potentially fruitless.

Chris DiMarco writes for Legaltech News, an ALM sibling of e-Commerce Law & Strategy.

Following months of debate, the U.S. Senate has delayed voting on the Cybersecurity Information Sharing Act, S. 754 (CISA), ahead of its summer recess. As part of an agreement reached on Aug. 5, the Act will be back on the Hill this month and will carry a number of new amendments when it resurfaces. The bill was introduced in March.

If passed, CISA would offer incentives to organizations that shared details with the government and others concerning threat patterns or breaches they've identified. Incentives include protection from investigation and subsequent lawsuits.

But while supporters say the information provided in these exchanges would aid in the identification and protection from certain threats, privacy advocates warn that sharing large volumes of information without explicit instructions to remove personally identifiable information would do more harm than good.

Supporters point to recent cybersecurity breaches including those at the Office of Personnel Management, Target, and Sony Pictures, saying that similar events could be prevented if the victims of past incidents were incentivized to share how their defenses failed.

In a letter to President Obama in July, more than 30 organizations and technology companies asked for President Obama's commitment to veto the bill. The group said: “CISA fails to offer a comprehensive solution to cybersecurity threats. Further, the bill contains inadequate protections for privacy and civil liberties.

Additional criticisms were levied by the Department of Homeland Security (DHS), one of the government organizations that would be utilizing the information shared by organizations. The department indicated in a letter to Minnesota Senator Al Franken that the bill placed no stipulations on the quality of the information shared, making the process of sorting through shared data more complicated and potentially fruitless.

Chris DiMarco writes for Legaltech News, an ALM sibling of e-Commerce Law & Strategy.