Earlier this week, the U.S. Senate overwhelmingly passed the Cybersecurity Information Sharing Act (CISA) which provides certain liability protections for companies who voluntarily share information on cyberattacks and cyberthreats with other companies and the federal government. The bill will now be consolidated with a one that passed the House of Representatives earlier this year. Venable Managing Director of Cybersecurity Services Ari Schwartz discussed the bill's passage with Law360, SearchSecurity TechTarget, and Network World on October 28, 2015.
"Ensuring that personal information is being stripped out before sharing it through the portal maintained by the U.S. Department of Homeland Security is one of the main areas that has improved over time, and is what moved the White House from threatening a veto to actively supporting it," Schwartz told Law360.
"It was a strong statement that folks are in favor of getting something done in the space," Schwartz added in an interview with SearchSecurity TechTarget. "There were over 50 trade associations lobbying in favor of it. So while there has been a lot of tension over the last few days with those who oppose it, there has been a sustained effort in favor over the past year by the trade associations and led by the U.S. Chamber of Commerce." Schwartz said the bill also has support from telecom, retail, energy, and transportation companies because it addresses legal liability. "It's not the technology that's the problem," he said. "It is the concern that they have liability in sharing the information. Some sectors have been able to do it effectively, but some sectors have specific laws that stop them from being able to do it."
If the final law keeps the liability protections intact, it would become difficult for businesses to resist sharing information about cyberthreats. "It's harder to say no now," Schwartz told Network World. "You have to give information to get information."