Cybersecurity Bill Heads Back To Capitol Hill: 10 Things Every Security Solution Provider Should Know

CISA Bill Back On The Radar

The Cybersecurity Information Sharing Act of 2015 is reportedly coming up for a vote again soon in Congress, bringing hot-button issues around security and information sharing to the forefront. Major tech giants that solution providers partner with, such as Apple, Google and Dropbox, are loudly voicing their concerns about the bill, saying that it threatens information privacy. Meanwhile, supporters say that better information-sharing support between the public and private sectors will help facilitate better security for all involved. As the bill heads to the floor for a vote, here's what security solution providers need to know about what's happening on Capitol Hill.

What Exactly Is The Bill?

At its most basic level, CISA is a bill designed to promote information sharing between the public and private sectors. The bill would set up a system for threat intelligence information sharing between the sectors (headed up by the Director of National Intelligence). The bill would provide immunity against privacy and antitrust laws preventing such sharing, and, once shared, would allow the government to use the data to prevent attacks of all sorts, including cyber, terrorist, economic and more. Nonrelevant personally identifiable information would theoretically be stripped from threat intelligence shared, but can be used if it is not removed.

When Is The Vote Coming?

The bill was first introduced July 10, 2014. It passed the Senate Intelligence Committee in March, but because of the summer recess it was shelved until discussions around it resumed recently. The bill is now moving off the back burner and onto the floor, with discussions expected to resume this week after the one-week recess that ended on Monday, according to Politico.

Why Are People Up In Arms About It?

A lot of the anger around the CISA bill stems from its vagueness. Those opposing the bill say that the vague language of the bill around information privacy does not adequately limit the government's ability to use the information for intelligence or other purposes. With provisions in the law for the Department of Homeland Security to share information with "relevant entities," many opponents are concerned that the information could be used for surveillance purposes with the FBI or NSA.

Who Is Against It?

The list of major companies speaking out against the bill grows every day. So far, the list of companies that have publicly announced their opposition to the bill, according to advocacy group Decide The Future, includes Apple, Google, Twitter, Yelp, Salesforce.com, Wikipedia, Dropbox, Mozilla, Yahoo, Adobe, Amazon, Dell, Microsoft, Netflix and Oracle. Another, slightly surprising party speaking out against the bill is the Department of Homeland Security, which says it could remove "important privacy protections," according to an article by the Guardian.

A History Of Information-Sharing Animosity

The CISA bill is only the latest example of a history of animosity between the public and private sectors around information sharing, encryption and other security-related issues. At this year's RSA Conference in San Francisco, Department of Homeland Security Secretary Jeh Johnson took the stage to appeal to the security industry about the need for the public and private sectors to work together.

"Cybersecurity must be a partnership between us in government and those in the private sector. There are things government can do for you, and there are things government needs you to do for us, frankly," Johnson said in his keynote address at the event.

The relationship between the two parties, however, is complicated by revelations in recent years about NSA spying, brought forward by Edward Snowden, which partners say have eroded much of the trust between technology companies and the public sector.

Who Is Supporting It?

The CISA bill is co-sponsored by Sen. Richard Burr and Sen. Dianne Feinstein, chairman and vice chairman of the Senate Select Committee on Intelligence, respectively. Reports by various news organizations say that around 70 other senators also support the bill. According to Decide The Future, companies such as Intel, AT&T, Verizon, HP, Comcast, IBM, Cisco and Xerox have either expressed their support for the bill or lobbied for earlier versions of it.

Why Do We Need This?

Supporters of the bill say that information sharing is necessary for the security industry to step up its game against attackers. Supporters say that the information sharing is entirely voluntary and would remove any personally identifiable information from the data before submission. By collecting all the information from disparate vendors into one database, they say there can be better threat intelligence to combat the latest attacks.

Are There Other Similar Bills In The Works?

There are two related bills in the works. The Cyber Threat Sharing Act, which is still in committee, also facilitates the sharing of information between the public and private sectors, with the difference being that it places more emphasis on the DHS for facilitating the data and includes limits on how the data is used. The Protecting Cyber Networks Act has been passed by the House of Representatives but not the Senate and also includes provisions for cyberthreat data sharing. However, it prevents that data from being shared with the Department of Defense (parent of the NSA).

There has also been a similar bill in the past, the Cyber Intelligence Sharing and Protection Act, which failed to pass into law three times.

When Can We Expect A Decision?

There is no exact date set for a vote, but discussions in Congress were supposed to resume this week after a recess that ended Oct. 19, according to Politico. Other reports say that an official vote on the bill could come as early as next week.

Where You Can Find More Information

The full text of the bill and updates can be found on the Congress.gov website.