Aug 04, 2015 - 12:00pm

Before Summer Break, Senate Must Pass Cyber Legislation to Protect Against Hackers


Former Senior Vice President, National Security and Emergency Preparedness Department, U.S. Chamber of Commerce

204590048_1.jpg

Customers try out smartphones. Photographer: Tomohiro Ohsumi/Bloomberg
Photo Credit: Tomohiro Ohsumi/Bloomberg

A few years ago cyberattacks against the government and corporations were on the margins of news stories. But now we hear of new hacking incidents practically daily. Following several high-profile data breaches, such as at the Office of Personnel Management (OPM), people realize that these types of attacks are no joke, and they aren’t going away anytime soon.

OPM announced this summer that hackers stole sensitive information on 21.5 million current and former federal government employees and may include information on family members, friends and references listed by applicants on security clearance background investigation forms.

These cyberattacks are being launched daily from various sources — including hackers, organized criminals and state-sponsored groups — and, frighteningly, are growing in sophistication and frequency. All of this underscores the need for the Senate to pass legislation to protect America’s cyber networks.

The Senate has the opportunity to act on an important cybersecurity bill — S. 754, the Cybersecurity Information Sharing Act of 2015 (CISA). This legislation gives businesses legal certainty that they have protections from liability, regulatory, and antitrust matters when voluntarily sharing and receiving threat data indicators and defensive measures in real time and monitoring their networks to mitigate cyberattacks.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.), the authors of CISA, have recently revised their bill to increase its privacy protections. Among other things, the managers’ amendment further limits the sharing of cyber threat data to “cybersecurity purposes.” Closely related, the revised measure eliminates the government’s ability to use cyber threat indicators to investigate and prosecute “serious violent felonies.” Taken together, these two changes put to rest any false claims that CISA is a “surveillance” bill.

The managers’ amendment also ensures that the use of defensive measures does not allow an entity to gain unauthorized access to a computer network. The bill’s writers have worked diligently to address the concerns of privacy and civil liberties organizations.

The goal of CISA is to help companies achieve timely and actionable situational awareness to improve the business community’s and the nation’s detection, mitigation and response capabilities.

Additional positive effects of enacting cyber information-sharing legislation include strengthening the security of personal information that is maintained on company systems and increasing costs on nefarious actors. CISA would complement the National Institute of Standards and Technology’s (NIST’s) excellent cybersecurity framework, which many industry associations and companies are embracing and promoting with their business partners.

CISA has received strong bipartisan support and its provisions reflect commonsense negotiations among many stakeholders. The Chamber has long supported cyber threat information-sharing legislation. The business community should not be left alone to battle foreign powers and their cyber surrogates. Our organization urges the Senate to pass CISA before leaving for the summer recess.

Tell Congress to Protect America's Cyber Networks

About the Author

About the Author

Former Senior Vice President, National Security and Emergency Preparedness Department, U.S. Chamber of Commerce

Beauchesne is the former principal spokesperson on national security and emergency preparedness issues, and is responsible for building and maintaining relationships with administration and regulatory agency leaders.