Cybersecurity

Senate passes cybersecurity bill, bringing immunity for sharing cyberthreat data closer to reality

On October 27, 2015, the Cybersecurity Information Sharing Act of 2015 (CISA), passed the Senate, by a 74-21 vote. The bill’s passing by such an overwhelming majority is a crucial step towards the controversial CISA becoming law, with support from some security experts and to the chagrin of other privacy advocates.

CISA’s underlying purpose is to encourage the sharing of cyber threat information amongst private entities and between private entities and the federal government. The bill permits an entity to share with any other entity or the federal government (or vice versa) “cyber threat indicators” and “defensive measures” that are consistent with a “cybersecurity purpose.” Essentially, this amounts to the sharing of technical data that indicates how networks have been attacked, and how the government or private entities have successfully detected, prevented, or mitigated such attacks. The bill does not specify the procedures by which cyber threat information will be shared, but private entities are directed to share any information with the Department of Homeland Security.