Senate Begins Consideration of Cybersecurity Bill

October 22, 2015

pic-tech-computerOn Oct. 20, the Senate began consideration of the Cybersecurity Information Sharing Act of 2015 (CISA/S. 754). The bipartisan legislation was introduced earlier this year on March 17 by Senate Intelligence Committee Charmian Richard Burr (R-N.C.) and was co-sponsored by the committee’s Ranking Member, Sen. Dianne Feinstein (D-Calif.). The long-stalled bill had over twenty amendments attached to it, and the Senate is currently working through those amendments before voting on the proposed legislation which is expected to take place by week’s end.

If the measure is approved by the Senate, it must go to conference to reconcile the language with bills from the House, one from the Intelligence Committee and one from the Homeland Security Committee.  Both of those two information sharing pieces of legislation passed the House in the spring. The Obama Administration backs action on cybersecurity and President Barack Obama is expected to sign the measure into law if it ultimately reaches his desk.

CISA is meant to foster communication between private companies and the government regarding cyber threat information and data breaches. CISA creates a portal at the U.S. Department of Homeland Security (DHS) where companies can share cyber security information with the government as well as other private entities. The bill also attempts to foster two-way communication by creating a process for the government to share security information with the private sector as well. Going beyond information sharing, the bill also allows companies to take defensive measures to protect its customers’ data and networks or its own. Lastly, the bill protects companies who are sharing information and taking defensive measures from liability.

Originally, the legislation was almost unanimously voted out of Senate Intelligence Committee on March 13, 2015. However, despite this near unanimous vote in committee, the legislation stalled in the Senate in August before Congress adjourned for recess when it failed on a procedural vote. Since August, both Democrats and Republicans have been working to combine and condense some of the related amendments to the CISA. One key amendment—supported by NSBA—offered by Senate Small Business and Entrepreneurship Committee Chairman David Vitter (R-La.) would create a three-year pilot program to establish a cybersecurity operations center for small businesses housed within DHS.

NSBA supports the passage of CISA as a necessary step in protecting small businesses against the constant danger of cyber attacks. Earlier this year, NSBA President & CEO Todd McCracken testified before Congress on the threat that cyber attacks pose to small businesses, many of which lack dedicated IT support personnel to repair the damage caused by attacks. According to NSBA’s 2014 Year End Economic Report the average cost per cyberattack to small businesses is over $20,000, further underscoring the need for action on this issue.

Click here to see the full text of the bill..