8 things to know about the Cybersecurity Information Sharing Act

On Tuesday, the Senate passed the Cybersecurity Information Sharing Act of 2015, a bill aiming to enhance cybersecurity measures in the country by fostering data sharing between the public and private sectors. The House passed the bill in April.

Here are eight things to know about the Cybersecurity Information Sharing Act.

1. Sen. Richard Burr (R-N.C.) introduced the bill in March 2015. It passed the Senate 74 to 21.

2. The bill essentially grants legal immunity to corporations for sharing cybersecurity data and information with the federal government. The bill "exempts from antitrust laws private entities that, for cybersecurity purposes, exchange or provide: (1) cyber threat indicators; or (2) assistance relating to the prevention, investigation or mitigation of cybersecurity threats."

3. The bill says such exemptions are inapplicable in instances of price-fixing, allocating a market between competitors, monopolizing a market, boycotting or exchanges of price or cost information.

4. However, opponents of the bill say it does not do enough to protect Americans' privacy. Sen. Ron Wyden (D-Ore.), who voted against the bill, told Ars Technica, "The fight to secure Americans' private, personal data has just begun. Today's vote is simply an early, flawed step in what is sure to be a long debate over how the U.S. can best defend itself against cyberthreats…[The bill] will allow large volumes of Americans' personal data to be unnecessarily shared with government agencies from the NSA to the FBI."

5. NSA whistleblower Edward Snowden commented on the bill, saying it will do little to prevent cyberattacks and is more of a surveillance bill. "CISA isn't a cybersecurity bill," Mr. Snowden wrote on a Reddit thread. "It's not going to stop any attacks. It's not going to make us any safer. It's a surveillance bill. What it allows is for the companies you interact with every day — visibly, like Facebook, or invisibly, like AT&T — to indiscriminately share private records about your interactions and activities with the government."

6. Proponents of the bill laud the legislation for its effort to bolster the country's defenses against attacks. "Sharing technical details on the latest digital threats is critical to strengthening America's cyberdefenses," said Timothy Sheehy, vice president for technology policy in IBM's government and regulatory affairs office, according to The Washington Post. "Online criminals actively share information to penetrate networks, steal vital economic and national security data and compromise the personal information of millions of Americans."

7. In the healthcare sphere, CHIME spoke out in favor of the CISA bill. Along with the Association for Executives in Health Information Security, CHIME said it is encouraged that the bill includes language that would establish a cybersecurity framework specifically for healthcare organizations. "The nation's CIOs and CISOs have been assigned the daunting task of securing patient information in a highly digital environment. Threats are evolving and there's no respite on the horizon. We've seen bad actors target large insurers, academic medical centers and community hospitals alike. We need to ensure our CIOs and CIOs have the resources they need, including the ability to share cyber threat information, to protect patient data," said CHIME President and CEO Russell Branzel.

8. The Senate and the House now have to draft a final, reconciled version of the bill to send to the president's desk. Last week, the White House released a statement largely in favor of the bill. "Information sharing legislation must carefully safeguard privacy, confidentiality and civil liberties; preserve the long-standing respective roles and missions of civilian and intelligence agencies; and provide for appropriate sharing with targeted liability protections. The Administration is encouraged by the strong bipartisan support for cybersecurity information sharing legislation in the Congress."

More articles on health IT:

Mother Jones piece hits Epic hard: 5 criticisms of the EHR vendor
11 most innovative companies, according to the C-suite
Startup Insider: Procured Health

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months