Sen. Bernie Sanders (I-VT) was the only presidential candidate to vote against the bill, according to The Guardian. Sen.
Advertisement
In the ongoing debate over the controversial Cybersecurity Information Sharing Act (CISA), Visa has made it clear exactly where it stands when it comes to the use of information sharing to improve the country’s cyber defense.
“This bill will provide important liability protections for companies that choose to exchange cybersecurity threat information”, Kurtz said.
The legislation was reported by the Senate Intelligence Committee by a bipartisan vote of 14-1 on March 3 and was passed by the Senate on Tuesday by a bipartisan vote of 74 to 21.
The idea seems good on first glance, but the very companies the bill is created to protect are speaking out against it over concerns that it strips away the privacy of their customers. The bill says companies can share data about cybersecurity threats-a term that’s vaguely defined in a way that could include nearly any information-with the government “notwithstanding any other provision of law”.
The Wyden Amendment, put forth by Sen. In addition, HITRUST said the legislation offers companies safe harbor against “frivolous lawsuits” when they share threat information and when implementing plans to mitigate attacks.
Senator Heller had an amendment that was basically a backstop against the Wyden amendment, saying that if the Wyden amendment didn’t pass, Homeland Security would be responsible for removing such personal information. Senator Leahy had an amendment that would have removed FOIA exemptions in the bill (making it much less transparent how CISA was used). Tom Cotton, R-Ark. and Chris Coons, D-Del., were also heavily defeated, but a managers’ amendment — a package of changes backed by the bill’s authors – passed, as did the whole bill.
As Brian Krebs points out, “The most frustrating aspect of a legislative approach to fixing this problem is that it may be virtually impossible to measure whether a bill like CISA will in fact lead to more information sharing that helps companies prevent or quash data breaches”. This means that there is still time for privacy protections to be added or for the bill to die completely.
Advertisement
But sharing with a central government clearinghouse worries privacy advocates who fear agencies such as the NSA will scoop up the shared data and somehow de-anonymize it, putting at risk the privacy of data businesses were entrusted to keep, says Ari Schwartz, the former White House Senior Director for Cybersecurity, now Managing Director of Cybersecurity Services for Venable. The two bills still need to be combined in a few manner before they can become law.
