Close
ThinkAdvisor

Regulation and Compliance > Cybersecurity

Senate Takes Up Cybersecurity Info Sharing Bill

X
Your article was successfully shared with the contacts you provided.

The Senate began debate late Tuesday on S. 754, the Cybersecurity Information Sharing Act, controversial cybersecurity legislation supported by Wall Street trade groups and banks, but opposed by big tech companies like Apple and Google because they see the bill as a threat to Americans’ privacy.

The Securities Industry and Financial Markets Association and the Financial Services Roundtable have both called on Senate leaders to pass the bill, as they say it would establish clear lines of communication between the private sector and government agencies responsible for cybersecurity.

Both groups urged Senate leaders in August to take up and quickly pass the legislation, known as CISA.

Industry groups expect a vote on CISA early next week.

In comments on the Senate floor Wednesday, Senate Minority Leader Harry Reid, D-Nev., said that the authors of CISA, Sen. Dianne Feinstein, D-Calif., ranking member of the Senate Intelligence Committee, along with the committee’s chairman, Sen. Richard Burr, R-N.C., “have worked hard” on the bill, which he said addresses a “serious national security issue,” and that the bill should have been “addressed” long ago.

Reid argued that Senate Democrats “were ready to do a comprehensive cybersecurity bill three years ago. But our Republican colleagues blocked us from even debating the bill because the Chamber of Commerce opposed it.”

Several months ago, Reid continued, “we reached an agreement with Republicans to begin debating this cybersecurity legislation. And now that we are on it, I hope that we can process it in an efficient and bipartisan matter.”

Former Gov. Tim Pawlenty of Minnesota, president and CEO of FSR, urged Senate Majority Leader Mitch McConnell and Reid in a Tuesday letter signed by other financial services trade group leaders to pass CISA and defeat any amendments that would “undermine its goals.”

Pawlenty along with the other CEOs stated that current laws related to the sharing of cyber threat information are unclear, confusing, uncoordinated and do not encourage activities that could better protect customers. 

“CISA would help to establish clear lines of communication between the private sector and various government agencies responsible for cybersecurity and would establish a more open dialogue about emerging, imminent and high-risk cyber threats,” the CEOs wrote in the letter. “This is critically important as understanding cyber risks and threats is the first step to defending networks and our critical infrastructures from malicious activity.”

The groups noted that the Senate will likely consider several amendments to CISA that could “potentially undermine the bill’s core principles.”

The letter specifically urges the Senate to defeat the “Leahy No. 2587, Franken No. 2612, Wyden No. 2621 and Flake No. 2582 amendments as they weaken, complicate, and interfere with the protection of private and financial information.”

Ken Bentsen, president and CEO of SIFMA, told McConnell and Reid that as the industry focuses on “the future risks” to the financial system and the economy, “cyber is perhaps the greatest.”

Said Bentsen: “The threat our economy faces from cyberattacks is real and information sharing legislation will help the financial services industry to better protect our systems and data as well as the privacy of our customers. We simply cannot wait for the next attack to get a bill to the president’s desk and so SIFMA calls on the Senate to act on CISA and for the House and Senate to reach a quick agreement.”

However, big tech and media companies like Google, Microsoft, Apple, Twitter, Yahoo, Yelp, Netflix, Amazon, Ebay and Wikipedia argue CISA will lead to more government surveillance.

“CISA is fundamentally flawed in its approach to cybersecurity,” says the Electronic Frontier Foundation, an advocacy group for digital privacy, in a blog post published Tuesday. “Its information sharing regime wouldn’t even fix the most recent public breaches, since it doesn’t address basic problems, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.

“Instead, CISA provides broad immunities for companies to share personal information to the federal government, vague definitions that do not define what information can and cannot be shared, information can be used for purposes unrelated to cybersecurity, and has the potential to be used as another tool to conduct surveillance.”

— Check out Financial Services Groups Push Cybersecurity Bill on ThinkAdvisor.