Security Week: Industry Reactions to CISA Approval by Senate: Feedback Friday

The United States Senate this week passed a controversial cybersecurity bill designed to facilitate sharing of threat data between private companies and the government in an effort to prevent data breaches.

If the Cybersecurity Information Sharing Act (CISA) becomes law, it will be easy for private sector companies to share threat data with the Department of Homeland Security and other agencies. The information will be used to fend off cyberattacks aimed at American companies.

However, privacy and civil liberties groups claim CISA can have serious privacy implications as it gives companies free rein to share their customers’ personal information with the NSA and the FBI.

CISA in its current form is opposed by many, including the whistleblower Edward Snowden. Experts contacted by SecurityWeek pointed out that while the bill is good in theory, there are some serious issues that need to be addressed.

Bill Anderson, Chief Product Officer, Optio Labs:

“The security world equivalent of “If a tree falls in a forest and no one hears it, does it make a sound?” would be “If you have no idea your data has been leaked, is it still a violation?” (hint: of course it is). The Cyber Information Sharing Act brings privacy rights into the spotlight, and in theory, the government is hoping to make us more secure. But with so much of our personal and business lives existing online in today’s digital world, there’s a fine line between defining consumer privacy rights and defining meta-data collection parameters that know a little bit about all of us.

CISA may enable an expanded program of quiet government collection on individuals’ data, but while the legislation states that data being shared can be stripped of PII, we have to wonder how easy it would be to put it together again to identify individuals and all of their activity. How do we know the new CISA repositories are going to be any better protected than the data lost in enormous breaches over the last five years? There is huge potential for sharing best practices and threat information within the industry, but let’s be realistic and admit that no one is immune to any threats. Placing consumer information in a giant CISA repository is as much an invitation to attackers as a tool for defenders. Let’s hope the next tree we hear falling is not an announcement that the CISA system has been breached.”
