Cybersecurity Legislation Approved by Senate

October 28, 2015

pic-tech-worldOn Oct. 27, the Senate approved the Cybersecurity Information Sharing Act of 2015 (CISA/S. 754). A week-long consideration of the legislation, which started on Oct. 20 was finally concluded by a 74-21 vote approving the legislation. The bipartisan legislation was approved on votes from 30 democrats, 43 republicans and one independent.

Senate leadership attempted to consider this legislation earlier this summer, however, at that time, the legislation failed on a procedural vote before the Senate left for August recess. The bill is a rare piece of bipartisan legislation from a deeply divided Congress and was introduced in March by Senate Intelligence Committee Charmian Richard Burr (R-N.C.) and co-sponsored by the committee’s Ranking Member, Sen. Dianne Feinstein (D-Calif.) on the heels of several high-profile data breaches in both the private and public sectors.

The CISA is designed to combat threats to both the public and private sector by opening voluntary avenues of communication between private companies and the government regarding cyber threat information and data breaches.

There have been several high-tech companies, including Facebook, Yelp and Wikipedia, who have come out against the legislation citing privacy concerns and arguing that the legislation potentially places too much information in the hands of the government. However, to mitigate these concerns, several amendments were included in the measure. Those amendments would among other things, eliminate the government’s ability to use the information submitted to it in order to investigate and prosecute some felonies, clarify the sort of information sharing that are allowed outside the DHS portal created by the legislation. The amendments also clarify that the legislation authorization to use defensive measures to protect one’s information does not authorize unlawful entry into another computer network. The legislation establishes voluntary programs, so if a company—large or small—has concerns about the information being shared with the government then it can opt out of the program.

While the legislation passed the Senate, it must now be conferenced with two similar pieces of legislation from the House in order to reconcile differences in the language. Only after Congress approves that new language will it move on to President Barack Obama for his approval, which he is expected to sign into law.

NSBA welcomes the CISA’s passage as a step forward in protecting small businesses against the constant danger posed by cyber attacks. Cyber threats are at the foremost of the concerns of small business owners around the country. According to NSBA’s 2014 Year End Economic Report half of all small businesses surveyed indicated that they have been victims of cyber attacks, a six percent increase from 2012, with the average cost of such an attack being over $20,000.

Click here to see the full text of the bill.