Site   Web

March 13, 2015

Senate Committee Approves Threat-Sharing Cyber-Security Bill

Image courtesy of (Stuart Miles) /

A U.S. Senate committee has endorsed a controversial cyber-security bill that encourages companies to share information about online threats both with other firms and the federal government.

The Cyber-Security Information Sharing Act (CISA), which was approved in a 14-1 vote Thursday by the Senate Select Committee on Intelligence (SSCI), offers protections to companies against lawsuits if they choose to share cyber-security data.

The idea behind the bill is, the more companies that share data, the easier it will be for them and the government to defend against the ever-growing threat of data breaches.

Despite criticism from privacy advocates, SSCI Chairman Richard Burr (R-NC) insists the bill is necessary to help safeguard America.

“Recent cyber-attacks against Sony, Anthem, and others have shown that our cyber adversaries consider nothing off limits,” Burr said in a statement.  “This bill is the result of extensive effort across multiple Congresses, including last year’s legislative push that nearly crossed the finish line.  Earlier this year, the vice-chair and I revisited last year’s legislation, hoping to examine ways to improve that already good product, and to incorporate additional input from the business sector, privacy and civil liberties advocates, and the Administration.  This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans’ personal information.”

The voluntary sharing program includes numerous privacy protections to prevent over-sharing or government misuse of shared information, Burr said, adding that the program requires the removal of personal information prior to the sharing of cyber-threat data.

Senator Ron Wyden, D-Ore., the one vote against the bill Thursday, said it does not go far enough to address the privacy rights of American consumers.

“If information-sharing legislation does not include adequate privacy protections then that’s not a cyber-security bill – it’s a surveillance bill by another name,” Wyden said in a press release. “The most effective way to protect cyber-security is by ensuring network owners take responsibility for security. Strong cyber-security legislation should make clear that government agencies cannot order U.S. hardware and software companies to build weaker products, as senior FBI officials have proposed. I am concerned that the bill the U.S. Senate Select Committee on Intelligence reported today lacks adequate protections for the privacy rights of American consumers, and that it will have a limited impact on U.S. cyber-security.”

The bill, which will not be available to read until all amendments have been incorporated, still has quite a way to go before becoming law. It must pass a vote in the full Senate before heading to the Congressional House of Representatives for approval. It must also get the OK from the president before becoming law.

This is not the first time such a bill has been pushed. Similar legislation, dubbed the Cyber Intelligence Sharing and Protection Act, failed to pass through Congress in 2013 due to concerns on the amount of information it would permit companies to share.

U.S. President Barack Obama himself is pushing Congress to approve a bill to give cyber-security more teeth and has allocated $14 billion to his 2016 budget proposal to make it a reality.

If the $14 billion were to get the green light from Congress, the funds would be used to better protect the government and private sector from cyber-threats such as those that hit U.S. companies like Target and Sony Entertainment in 2014.

More details are offered up in Obama’s Comprehensive National Cyber-security Initiative (CNCI), outlined on the White House’s website.


Jennifer Cowan is the Managing Editor for SiteProNews.