The highly debated bill is back in play – the Cybersecurity Information Sharing Act 2015 – perhaps to a less than enthusiastic audience in the USA.
As a brief introduction, this bill was first introduced in the US Senate on July 10, 2014 with the intention of providing a platform for tech companies to share information about cyber threats with authorities. Supporters have been working hard to push the bill through since then, and the bill is currently at the stage of voting by the Senate before it is finally ratified and enforced as law.
This bill appears to have an overarching effect so, unsurprisingly, trade groups such as the Computer and Communications Industry Association (CCIA), representing global giants Google and Facebook, strongly oppose the bill. They cite the “collateral harm” which such intervention could bring to general internet users, and there are ancillary issues to the argument – for example, potential information abuse and violations of privacy.
Several critics went on to say that such “sharing of information” may not be very effective when it comes to preventing cyber threats. In the same vein, Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, claimed that:
“The few recent security attacks on government agencies were the result of premeditated attacks aimed at, mostly, the general Internet user of email, social media, and the likes. So, that would mean even if the attack information were disseminated fast enough, those security breaches would have been inevitable anyway.”
Interestingly, even the Department of Homeland Security (DHS), for which this bill allows such sharing of “anonymous” information, seems to disagree with the approach, as this would mean other entities like the NSA and FBI would have their fingers all over it.
However, the DHS does not seem to shy away from the proposed system, although it prefers a more centralized mechanism for the sharing of information, such as the National Cybersecurity and Communications Integration Center (NCCIC) – an entity which works on network defense activities and keeps the information anonymous before sharing it with other agencies.
The CEO of salesforce.com, Marc Benioff, said:
“The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it.”
@aram The letter clearly was a mistake and doesn’t imply CISA support. We need to clarify. I’m against it.
— Marc Benioff (@Benioff) September 25, 2015
Until and unless these concerns are addressed adequately, it would seem that this bill will be a tough pill to swallow. Unrest can already be seen boiling within privacy groups, which started online protests such as YouBetrayedUs, although that was the result of a mere mistake in a letter by BSA | The Software Alliance to Congress, thought to be in support of the bill.