In a move held to be somewhat controversial, the Senate Intelligence Committee approved a cybersecurity bill yesterday that is intended to make it easier for corporations and the federal government to defend against data theft.
The Cybersecurity Information Sharing Act (CISA) passed the committee by a 14-1 vote. If enshrined into law, the bill will offer expanded legal liability protections to companies sharing data in the hopes that American businesses will be less hesitant in the future to share information about security breaches with each other and government agencies as soon as possible.
“This current bill is critically important both for our agencies that keep the country safe, and the institutions that hold millions of Americans’ personal information,” Sen. Richard Burr, a North Carolina Republican and chairman of the panel, said in a statement.
A similar piece of legislation last year made it past the committee with a 12-3 vote, but ultimately stalled on the Senate floor as concerns were raised by some that such legislation would also make it easier for the NSA and other government agencies to spy on U.S. citizens.
“[The measure] lacks adequate protections for the privacy rights of American consumers, and…will have a limited impact on U.S. cybersecurity,” noted Sen. Ron Wyden, the only lawmaker to vote against the new bill. “This information-sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens. If information-sharing legislation does not include adequate privacy protections, then that’s not a cybersecurity bill — it’s a surveillance bill by another name.”
The bill comes in the aftermath of a disastrous 2014 (from an online data security perspective) that saw hundreds of retailers breached nationwide, including major players like Home Depot and K-Mart. So far, 2015 has not looked all that much better, with the second largest health insurance provider Anthem being hacked and potentially putting the data of 80 million Americans at risk.
Apart from this newest burst of cybercrime legislation, the Obama administration has earmarked $14 billion in the 2016 budget proposal to beef up U.S. efforts against such attacks. The White House has also announced the creation of the Cyber Threat Intelligence Integration Center that will fuse information from various intelligence-gathering services. The strategy is to organize the war against cybercrime so it more closely resembles the battle against terrorism.