Senate Panel Approves Cybersecurity Bill

March 18, 2015

pic-tech-computerOn Thursday, March 12, the Senate Intelligence Committee held a closed mark-up where they approved 14-1 an amended cybersecurity information-sharing bill, the Cybersecurity Information Sharing Act (CISA). Several changes were made to the legislation during the afternoon session, including addressing the White House’s concerns about privacy protections. Sen. Ron Wyden (D-Ore.) cast the single vote in opposition to the measure.

Senate Intelligence Committee Chairman Richard M. Burr (R-N.C.) is hopeful the chamber will take up the bill shortly after the April recess. The committee’s ranking member Dianne Feinstein (D-Calif.) is also confident that, with the improvements made to the bill, it will likely pass both the Senate and the House, enabling it to be signed into law.

CISA will provide expanded legal liability protections to companies that share data relevant to security breaches with the federal government and other companies. Privacy advocates criticized the bill as being too broad and thereby actually making it easier for the government to spy on its citizens. According to The Hill, Sen. Feinstein has said the panel approved 12 privacy-related amendments to the overall bill. Text of the amended bill was still not available as of the writing of this article.

In 2013, the House passed a cybersecurity information sharing bill, by a vote of 288-127. Then in July 2014, the Senate Intelligence Committee advanced a similar cybersecurity bill by a 12-3 vote. That bill failed to generate enough momentum to get a floor vote.

In addition to the increase in high-profile security breaches at companies ranging from Anthem to Target to Home Depot, small businesses are increasingly under attack. According to NSBA’s 2014 Year-End Economic Report, half of all small businesses report they have been the victim of a cyber-attack – up from 44 percent just two years ago. Among those who were targeted, 68 percent report being a cyber-victim more than just once.

In 2013, cyber-attacks cost small businesses on average $8,699 per attack. Today, that number skyrocketed to $20,752 per attack. The survey also showed that cyber-attacks are taking more time to resolve today, with one-in-three saying it took three days or more to resolve, up from just one-in-five two years ago.

NSBA will continue to monitor CISA to ensure small businesses are protected against both cyber-attacks as well as over burdensome regulations and requirements from the federal government.