Learn About the New Cybersecurity Bill
On Tuesday, October 27th, the Senate passed the Cybersecurity Information Sharing Act. The bill was passed with a devastating count of 74-21, and was passed in the house 6 months prior.
The reasoning behind the bill is for companies to share information about cyber-attacks with the government, so they can see what happened and help other companies prevent getting attacked in similar ways. Government officials who drafted the bill believe this will help spread information about how companies were hacked, and this will lead to hackers having to find new and creative ways to try to hack again. After spreading the information, the companies can learn about possible mistakes they were making regarding their cybersecurity, or what the need to beef up on.
Some of the disputes with this bill is that it focuses on the private sector. Legally, they do not have to release this type of information, such as which types of viruses or IP addresses were involved in the attack, until now. The problem many have with this bill, especially the tech companies, is that it will lead to privacy issues. Once companies release data about an attack, the FBI, NSA or any other organizations working in conjunction on the case have access to all the personal data that slips through. Civil liberties groups are calling this bill a “surveillance bill in disguise” due to all the personal information the government can get its hands on when an attack is reported and investigated.
It took all day Tuesday to pass the bill because certain amendments were being introduced and dropped continuously. Some include Senator Ron Wyden’s (D- OR), which stated that only credible information pertaining to the threat could be surveyed by the government. However, that amendment to protect people’s privacy did not make it into the final version of the bill. Many companies that will have to comply with the bill believe is it doing nothing to prop up cybersecurity, since companies are not being audited on what type of software they currently have or offered alternatives. Instead, they are being examined after an attack hits, and there is no language in the bill encouraging them to have more advanced software to detect any attacks.
Author: Karen Boehm
Equilibrium IT Solutions, Inc.