What you need to know about the Cybersecurity Information Sharing Act.
After months of predictions and discussions, Congress passed the Cybersecurity Information Sharing Act (CISA) late last year as part of a large federal spending bill. The aim of the bill is to address growing concerns of cyberattacks and advanced hacking.
However, it has come with a fair amount of controversy, with its opponents raising concerns that the bill will unnecessarily invade consumer privacy. Here’s what you need to know about the act’s passage.
What Is the Bill Supposed to Do?
The Cybersecurity Information Sharing Act aims to help private companies fight back against hacking incidents. Specifically, it should increase the amount of sharing regarding which suspicious IP addresses or malware were responsible for a particular cyberattack.
Under CISA, companies that share this information with the government would be given protection against lawsuits from customers, who might worry about their private information being handed over to the authorities.
The goal, proponents say, is to encourage companies to share information about cyber threats as quickly as possible, stopping attacks from happening to someone else.
Does CISA Address the Right Cybersecurity Issues?
This is where things get a bit murky. Those on each side of CISA have very different opinions on whether or not it will do what it hopes to do for cybersecurity. In fact, many companies already share information regarding cyberattacks, both with other companies and with the federal government. This fact leads some to question the utility of CISA.
However, it does give new authority for Homeland Security to share company cybersecurity reports with the National Security Agency (NSA), among other governmental agencies. As of now, it is difficult to determine how this change will affect cybersecurity.
What Do the Critics Say?
Opponents of CISA worry that it will do little to nothing to support cybersecurity, while increasing the abilities of the NSA and other agencies to perform surveillance on companies and individuals.
Many large companies and corporations support the bill, citing the benefit of expanded liability protections from the government concerning the release of private information.
However, other groups are not so happy about CISA. In particular, two major technology trade groups, the Computer and Communications Industry Association and BSA | The Software Association, publicly oppose CISA. These groups represent several large Internet and software companies, including Google, Facebook, Microsoft and Apple. Time will only tell which side is right about the bill.