The Senate took a big step toward protecting U.S. businesses and consumers from the rising threat of cyberattacks by passing the Cybersecurity Information Sharing Act (CISA) on Tuesday.
The legislation would provide legal protections to businesses that voluntarily share cybersecurity-related information with other companies and with the government. One must look no further than the recent spike in cyberattacks - including notable breaches at Sony and the Office of Personnel Management - to understand the urgent need for such legislation.
"Cyberattacks aimed at U.S. businesses and government entities are being launched from various sources, including sophisticated hackers, organized crime, and state-sponsored groups," Bruce Josten, U.S. Chamber of Commerce executive vice president for government affairs, wrote in a key vote letter to the Senate. CISA, he added, would "help companies achieve timely and actionable situational awareness to improve the business community’s and the nation’s detection, mitigation, and response capabilities."
The product of bipartisan cooperation by Sens. Richard Burr (R-N.C) and Dianne Feinstein (D-Calif.), CISA passed with wide support on both sides of the aisle, 74-21. The vote comes six months after the House approved similar legislation, and the two chambers will now head to conference to reconcile the differences between the two measures.
“We urge the Senate and House to quickly work out the differences in their respective cybersecurity bills and send necessary legislation to the president,” U.S. Chamber President and CEO Tom Donohue said in a statement this week, noting that the Senate bill “contains provisions to guard and respect individuals’ privacy and civil liberties.”
“We need to get the job done now,” Donohue added. “Nation states or their proxies and criminal groups are attacking American enterprise with impunity, and that has got to stop.”