Tuesday, October 27, 2015

U.S. Senate passes controversial cybersecurity bill, encourages businesses to share data with government

Courtesy of Wikimedia Creative Commons
The United States Senate passed the controversial Cybersecurity Information Sharing Act with a 74-21 vote after hours of debate Tuesday.

The bill would establish a system in which companies can share so-called "cyberthreat indicators" with the Department of Homeland Security by handing over personal, private business data.

The Senate has been working on CISA for more than six years, said Sen. Dianne Feinstein (D-Calif.), who co-sponsored the bill.

"This is kind of a new day," Feinstein said. "A way to pass a complicated, somewhat technical bill."

On Oct. 22, the Senate voted 83-14 to close debate on various amendments, moving the bill to Tuesday's vote. Five last-minute privacy-minded amendments were also shot down on Tuesday before the final vote.

Sen. Ron Wyden (D-Ore.) was the leading CISA critic throughout the hours of floor debate Tuesday.

"Increasingly, when Congress just reacts to a technology issue which is all over the news, instead of getting the win-win -- which is more security and more liberty -- Congress ends up with a policy that really doesn't deliver on either count," Wyden said.

Important first step forward, says broad coalition of supporters, including Democrats, Republicans and industry

Proponents include a rare bipartisan coalition of senators, President Barack Obama and many industry groups - particularly the financial sector. JP Morgan Chase, Target, Sony and Home Depot have all suffered significant data breaches in the past three years.

Breached businesses haven't seen their stocks plummet. A Harvard Business Review article noted that "even the most significant recent breaches had very little impact on the company's stock price."

However, that doesn't mean there aren't significant costs for affected businesses. Target, for example, lost about $236 million from breach-related costs and pledged $100 million to upgrade its systems. Research has shown average fallout costs from a breach have increased 11 percent in 2015, up to $6.5 million.

Businesses have a strong incentive for the government to look into potential explanations for how these hacks occurred. The government itself also has a self-interest, as more than 22 million people had sensitive information exposed in a July hack of the Office of Personnel Management. Feinstein described CISA as an important first step on cybersecurity policy.

Cybersecurity is a uniquely 21st century threat to governments, businesses and ordinary citizens around the world. The ability of hackers to act from anywhere in the world, the increasing complexity of computing systems, and the difficulty of detecting security vulnerabilities are the main reasons cybersecurity has become one of the biggest problems for the Department of Homeland Security.

CISA could establish programs in addition to the ones already in place at DHS. Current cybersecurity programs include the National Cybersecurity Protection System, Continuous Diagnostics and Mitigation, the National Cybersecurity and Communications Integration Center and Federal Information Security Management Act reporting.

Tech industry and privacy advocates unite in opposition to CISA, claim it misses actual issue

CISA support is far from unanimous. Sen. Ron Wyden (D-Ore.) has been a lead critic, citing privacy concerns as his main worry. Wyden said that CISA encourages large, unspecific dumps of personal data from businesses to governments. "The bill says, with respect to personal data, when in doubt, you can hand it over," Wyden said.

Joining Wyden in Senate opposition are two presidential candidates: Sen. Bernie Sanders (I-Vt.) and Sen. Rand Paul (R-Ky.).

The tech industry has also voiced its disagreement with CISA. Companies that have released statements against the bill include Apple, Wikimedia, Yelp, Twitter, Dropbox and Reddit, among others.

"We don't support the current CISA proposal," Apple said in an Oct. 20 statement. "The trust of our customers means everything to us and we don't believe security should come at the expense of our privacy."

Going beyond privacy concerns, national security expert Patrick Eddington wrote that there is little to no evidence that "sharing cyber threat indicators" will enhance Internet security.

For example, in the case of the Target breach, hackers were able to get into Target's system through a third-party vendor, a refrigeration company. Even if Target's systems were impenetrable, if outside sources such as third-party vendors have access to sensitive data, the company is still vulnerable to breaches. It is not clear how CISA would handle these types of inter-business relationships.

A Boston Globe editorial said the bill missed the underlying causes of cybersecurity issues, arguing that encrypting data, updating systems and boosting cybersecurity funding are what would actually help businesses protect themselves from hacks.

The night before the final vote, whistleblower Edward Snowden went on Reddit to explain his opposition to CISA and his fears over privacy. "CISA isn't a cybersecurity bill," Snowden wrote. "It's not going to stop any attacks. It's not going to make us any safer. It's a surveillance bill."

The Senate and House of Representatives would need to convene to create one mutually-agreeable version of CISA before sending it to the White House for final approval.


1 comment:


  1. Andy, I can see that you put a great amount of work and time into this ePortfolio, as it is extremely concise and informational to its readers. Personally, I had no idea that cybersecurity was such an issue in today’s day. Nor was I aware that the government was just as concerned as businesses; enough to pass the Cybersecurity Information Sharing Act. Understandably, companies are clearly losing a significant amount of money from hackers, and although the risk of hackers seems to be rising, there is definitely underlying conflict about whether the bill was truly appropriate and the best solution for the companies.

    I was interested to discover more about some of the major companies that have issues with security theft. And although there seems to be fair options to help prevent the issue of cybersecurity, such as various programs, you gave a clear explanation of how it’s not as easy as using one of the methods to security because you don’t know how to be sure that it’s as trustworthy as it claims. I agree with the argument of whether or not the government should be trusted with gaining companies’ private account information. I wouldn’t necessarily trust them either, because I have no proof that they won’t eventually go against their word.

    The only critiques that I could possibly find in your ePortfolio were a few basic grammatical errors and maybe some feedback on understandability. In the third paragraph of the site, you use a statement that says, “The Senate has been working on CISA for more than six years.” From what I thought it seems like a direct quote, and in the text it does not have quotations around it. Also, in your intro to the section starting with “Important first step forward…,” it was a bit difficult to understand, but it was clarified in the rest of the text under that section.
