Senate heads toward vote on CISA cyberthreat info sharing bill

A preliminary vote on the controversial bill could happen as soon as Wednesday

The U.S. Senate could take a preliminary vote as soon as Wednesday on a controversial bill intended to encourage businesses to share cyberthreat information with each other and with government agencies, despite concerns that the legislation would allow the widespread sharing of personal customer data.

Senate leaders are attempting to iron out compromise language to address privacy concerns in the Cybersecurity Information Sharing Act (CISA), but if no compromise is reached Senate Majority Leader Mitch McConnell will schedule a so-called cloture vote on Wednesday morning, said a spokesman for McConnell, a Kentucky Republican.

A cloture vote would limit debate on the bill and move the Senate toward final passage, potentially before the Senate leaves for a four-week summer recess this weekend.

CISA would protect businesses that share cyberthreat information from customer lawsuits, but privacy groups have opposed the bill, saying it would allow businesses to share customers' personal information with the National Security Agency and other intelligence agencies.

CISA would be a "trigger" for the NSA to target U.S. residents for surveillance, Jonathan Mayer, a security researcher and lawyer at Stanford University, said last week.

In a letter sent last week, the Department of Homeland Security also raised privacy concerns.

CISA could "contribute to the compromise of personally identifiable information by spreading it further" by mandating that DHS, the agency that would receive most of the shared cyberthreat information, share that information in real time without scrubbing out personal data, the agency said in its letter.

Privacy groups criticized the move toward a vote in the Senate after a recent campaign against the bill resulted in more than 6 million faxes sent to Congress.

Digital rights group Access is "deeply disappointed that Leader McConnell has chosen to ignore the will of the people and push ahead with consideration of this deeply flawed cybersurveillance bill before the August recess," Amie Stepanovich, U.S. policy manager for the group, said by email. "Any senator who values privacy and security must reject this attempt to sacrifice both at the altar of increased surveillance and corporate liability protections."

Supporters of CISA say the legislation is needed to stimulate a cyberthreat information sharing culture among U.S. businesses. Many businesses are reluctant to share information because of potential customer lawsuits, said former U.S. Representative Mike Rogers, sponsor of the controversial Cyber Intelligence Sharing and Protection Act (CISPA), a similar bill that failed to become law after President Barack Obama threatened to veto it.

CISA is the "one piece of legislation" that could help fix the U.S. cybersecurity weaknesses, Rogers said during a cybersecurity event Monday. "If we can share malicious source code in real time -- machine to machine, zeroes and ones in light speed -- we might be able to put a dent in this."

The concerns from DHS over CISA mean "our own government is going to work against itself over the details over how we come up with a cybersharing regime," Rogers added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.
