The Senate is expected to consider the Cybersecurity Information Sharing Act (CISA) (S. 754) soon. Information sharing legislation that would fill gaps in existing law to make it easier for companies to share cyber threat indicators (CTIs) is probably necessary. Unfortunately, CISA is not the answer for many reasons.
First, CISA is actually a surveillance bill dressed in cybersecurity clothing. The bill allows the government to use – for completely unrelated criminal investigations – the CTIs companies share for cybersecurity purposes, bypassing warrant requirements that would otherwise apply. In addition, CISA requires the Department of Homeland Security (DHS) to share in real time the CTIs it receives with all “appropriate government agencies.” As a result, CTIs must immediately be given to the NSA, without any time to put in place privacy-protective measures beforehand.
“The Cipher Brief has become the most popular outlet for former intelligence officers; no media outlet is even a close second to The Cipher Brief in terms of the number of articles published by formers.” —Sept. 2018, Studies in Intelligence, Vol. 62
Access all of The Cipher Brief‘s national security-focused expert insight by becoming a Cipher Brief Subscriber+Member.
