
The Cybersecurity Information Sharing Act (CISA; 113th Congress, 114th Congress) is a United States federal law designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes". The law allows the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, and passed in the Senate on October 27, 2015. Opponents question CISA's value, believing it will move responsibility from private businesses to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police. The text of the bill was incorporated by amendment into a consolidated spending bill in the U.S. House on December 15, 2015, which was signed into law by President Barack Obama on December 18, 2015.


History

The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th Congress, and was able to pass the Senate Intelligence Committee by a vote of 12-3. The bill did not reach a full Senate vote before the end of the congressional session. The bill was reintroduced for the 114th Congress on March 12, 2015, and the bill passed the Senate Intelligence Committee by a vote of 14-1. Senate Majority Leader Mitch McConnell (R-Ky) attempted to attach the bill as an amendment to the annual National Defense Authorization Act, but was blocked 56-40, not reaching the necessary 60 votes to include the amendment. Mitch McConnell hoped to bring the bill to a Senate-wide vote during the week of August 3–7, but was unable to take up the bill before the summer recess. The Senate tentatively agreed to limit debate to 21 particular amendments and a manager's amendment, but did not set time limits on debate. In October 2015, the US Senate took the bill back up following legislation concerning sanctuary cities.


Provisions

The main provisions of the bill make it easier for companies to share personal information with the government, especially in cases of cyber security threats. Without requiring such information sharing, the bill creates a system for federal agencies to receive threat information from private companies. With respect to privacy, the bill includes provisions for preventing the sharing of personal data that is irrelevant to cyber security. Any personal information that does not get removed during the sharing procedure can be used in a variety of ways. These shared cyber threat indicators can be used to prosecute cyber crimes, but may also be used as evidence for crimes involving physical force.


Positions


Indemnification

Sharing National Intelligence threat data among public and private partners is a hard problem, and one that many care about. The National Intelligence Threat Sharing (NITS) project is intended as an innovative solution to this hard problem. Altogether NITS is both innovative and useful. But first, to ensure that NITS is trustworthy, private partners must be indemnified. Indemnification takes an act of Congress, literally. The underlying impediment to more fulsome cooperation among buyers, sellers, and peers within a supply chain is indemnification. Indemnification is needed to secure industry partners against legal responsibility for their actions. Unfortunately, Congressional refusal to offer indemnification remains an impediment to real collaboration. At least qualified immunity should be accorded. This is immunity of individuals performing tasks as part of the government's actions.


Businesses and trade groups

The CISA has received some support from advocacy groups, including the United States Chamber of Commerce, the National Cable & Telecommunications Association, and the Financial Services Roundtable. A number of business groups have also opposed the bill, including the Computer & Communications Industry Association, as well as individual companies such as Twitter, Yelp, Apple, and Reddit. BSA (The Software Alliance) appeared initially supportive of CISA, sending a letter on July 21, 2015 urging the Senate to bring the bill up for debate. On September 14, 2015, the BSA published a letter, addressed to Congress, of support for, amongst other things, cyber threat information sharing legislation, signed by board members Adobe, Apple Inc., Altium, Autodesk, CA Technologies, DataStax, IBM, Microsoft, Minitab, Oracle, Salesforce.com, Siemens, and Symantec. This prompted the digital rights advocacy group Fight for the Future to organize a protest against CISA. Following this opposition campaign, BSA stated that its letter expressed support for cyber threat sharing legislation in general, but did not endorse CISA, or any pending cyber threat sharing bill in particular. BSA later stated that it is opposed to CISA in its current form. The Computer & Communications Industry Association, another major trade group including members such as Google, Amazon.com, Cloudflare, Netflix, Facebook, Red Hat, and Yahoo!, also announced its opposition to the bill.


Government officials

Proponents of CISA include the bill's main cosponsors, senators Dianne Feinstein (D-CA) and Richard Burr (R-NC). Some senators have announced opposition to CISA, including Ron Wyden (D-OR), Rand Paul (R-KY), and Bernie Sanders (I-VT). Senator Ron Wyden (D-OR) has objected to the bill based on a classified legal opinion from the Justice Department written during the early George W. Bush administration. The Obama administration states that it does not rely on the legal justification laid out in the memo. Wyden has made repeated requests to the US Attorney General to declassify the memo, dating at least as far back as when a 2010 Office of Inspector General report cited the memo as a legal justification for the FBI's warrantless wire-tapping program. On August 4, 2015, White House spokesman Eric Schultz endorsed the legislation, calling for the Senate to "take up this bill as soon as possible and pass it". The United States Department of Homeland Security initially supported the bill, with Jeh Johnson, the secretary of the DHS, calling for the bill to move forward on September 15. However, in an August 3 letter to senator Al Franken (D-MN), the deputy secretary of the DHS, Alejandro Mayorkas, expressed a desire to have all connections be brokered by the DHS, given the Department's charter to protect the executive branch networks. In the letter, the DHS found issue with the direct sharing of information with all government agencies, advocating instead that the DHS be the sole recipient of cyberthreat information, allowing it to scrub out private information. In addition, the Department of Homeland Security has published a Privacy Impact Assessment detailing its internal review of the proposed system for handling incoming indicators from industry.


Civil liberties groups

Privacy advocates opposed a version of the Cybersecurity Information Sharing Act, passed by the Senate in October 2015, that left intact portions of the law they said made it more amenable to surveillance than actual security while quietly stripping out several of its remaining privacy protections. CISA has been criticized by advocates of Internet privacy and civil liberties, such as the Electronic Frontier Foundation and the American Civil Liberties Union. It has been compared to the criticized Cyber Intelligence Sharing and Protection Act proposals of 2012 and 2013, which passed the United States House of Representatives, but did not pass the Senate.


Similar laws in different countries

* United Kingdom government policy: cyber security
* The Scottish Government Information Sharing


See also

* Anti-Counterfeiting Trade Agreement
* Chinese intelligence operations in the United States
* Communications Assistance for Law Enforcement Act
* Federal Information Security Management Act of 2002
* Freedom of information laws by country
* Intellectual Property Attache Act
* National Security Agency
* Vulnerabilities Equities Process




External links


* S.2588 - Cybersecurity Information Sharing Act of 2014. Congress.gov, Library of Congress.
* "Cybersecurity Information Sharing Act will help protect us". Dianne Feinstein, San Jose Mercury News, July 21, 2014.
* Forbes: Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee. Gregory S. McNeal, July 9, 2014.
* Center for Democracy and Technology: Analysis of Cybersecurity Information Sharing Act. Gregory T. Nojeim and Jake Laperruque, July 8, 2014.
* CISA Security Bill Passes Senate With Privacy Flaws Unfixed. Andy Greenberg and Yael Grauer, Oct 27, 2015.
