Jan 11 2016

Long Awaited Cybersecurity Bill – CISA 2015

The Cybersecurity Information Sharing Act (CISA) of 2015 recently became law before the new year. The proposal, while controversial, has evolved into what amounts to Congress’s first major policy response to cyber attacks that have hit Target, Home Depot, JPMorgan Chase, and Sony Pictures, as well as government agencies.

Information-sharing legislation has failed in Congress for years amid privacy advocates’ concerns about broadening the surveillance of U.S. citizens by giving more data to the National Security Agency, the government’s electronic surveillance department.  The privacy advocates argument is interesting, and if you wish to read more about it I suggest the following CNN article: http://www.cnn.com/2015/12/18/politics/cybersecurity-house-senate-omnibus/index.html

Here are some key takeaways from CISA:

  • Private entities that share data with the U.S. government for cybersecurity purposes will get more protection from consumer lawsuits.
  • Private entities that share cyber threat information with the federal government are exempt from antitrust laws (excluding price-fixing, monopolizing markets, etc.). Additionally, when sharing information per the DHS sharing guidelines, private entities receive liability protections.
  • Cybersecurity incident information shared with the federal government is exempt from disclosure and withheld from the public.
  • Information shared with the federal government cannot be used to regulate the lawful activities of entities.

So, what does this all mean for your business? CISA is based around voluntary sharing of information. CISA does not require private entities to share information with federal government for cybersecurity purposes. It is your impetus to do so.

Protecting our country from a cybersecurity standpoint is a massive endeavor for the U.S. government to tackle, especially since it’s relatively new territory (not to mention incredibly complex and dynamic). For the Fed, the best way to address this challenge is to collaborate with the private sector, and that’s exactly what CISA is all about – making it easier for all of us to communicate and work together to keep our country safe.

As always, if you’d like to understand how the developing law effects your company and what you should be doing, feel free to contact us here!