Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks. The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday. It must now be reconciled with two similar bills passed in the House before it can become law.
The Cipher Brief reported on the controversial Senate bill in September, with several experts weighing in on the pros and cons of the legislation. Despite the passage of both time and the bill itself, the controversy remains effectively the same.
Proponents view CISA as necessary to protect against an increasing number of cyber attacks. As Sen. Dianne Feinstein put it, the bill has a simple goal, “ to increase the sharing of information about cyber attacks between companies as well as between companies and the government while protecting personal information of the customers of those companies.” However, civil libertarians, Silicon Valley tech firms, and cybersecurity professionals see CISA as an invasion of privacy. Greg Nojiem from the Center for Democracy and Technology wrote in The Cipher Brief that CISA is “a surveillance bill dressed in cyber-security clothing.”
And there are some people who see CISA as an imperfect, but probably beneficial, first step towards more comprehensive legislation. Raj De, former General Counsel for the National Security Agency, told The Cipher Brief “it is important that we not allow the quest for perfection to be the enemy of the good when it comes to any legislation.”
The fight over CISA is not over yet, with some opponents hinting that the bill could be blocked by a filibuster. Even if it passes, there are indications that it will be the first of several new pieces of cybersecurity legislation. The next major push appears to be cyber-protection for critical infrastructure. The Cipher Brief will tackle that issue in an upcoming report, as well as follow all cybersecurity developments on Capitol Hill.
Luke Penn-Hall is the Cyber and Technology Producer at The Cipher Brief.
