House Passes Cybersecurity Bill but Will it be Effective
A major step in the life of the proposed cybersecurity bill came during the end of April, as the U.S. House of Representatives passed the Protecting Cyber Networks Act and the National Cybersecurity Protection Advancement Act. The vote isn't the final step in the bills becoming law, but it represents a halfway point of sorts. Should the U.S. Senate also approve the bills, they will come into effect unless an executive veto is brought into play. Considering President Barack Obama's support of cybersecurity measures and the recent, public statements to that extent, a veto is unlikely should the bills pass through the Senate.
Will it be effective?
The major change that would arise from the passage of the bills is the creation of a sort of information clearinghouse. This structure will enable both for-profit businesses and government agencies to better understand current cyberthreats faced by one or many of the participants. Advanced knowledge of a particular style of attack or of a series of breaches involving a specific location or set of IP addresses would make effective defense a much easier proposition. This functional aspect of the bills is expected to provide significant assistance in terms of identifying and dealing with threats, but the particulars involved have brought up protests related to privacy and government access to otherwise inaccessible personal data.
The privacy concerns
According to Wired, the bills' data-sharing provisions include allowing a multitude of government bodies to gain access to data that may include information consumers view as personal. This is true even in situations when access to such information would be prohibited by various laws in other circumstances. This component of the bills has been cited as a potentially contentious issue in terms of public perception of both the law itself and companies that participate in the exchange. While this is a secondary concern to businesses understandably weary of malicious intrusions into their databases, it's still important. Cyber defense is obviously a priority, but the impact of the proposed act on the opinions of consumers and other organizations with which a company does business has to be a factor as well.
A balance likely necessary
As Forbes pointed out, the White House had originally come out strongly in favor of privacy protections as part of cybersecurity efforts. However, it has recently prioritized the passing of a security law - with the expectation that issues related to privacy and other concerns with the bills will be worked out on the floor of the House or Senate. With little change in the bills' current structure after they were approved by the House of Representatives, it will ultimately be up to the Senate to make any modifications. That isn't a sure thing by any means, and changes may or may not be applied to the bills before they move forward in the process of becoming a law. The Senate may also have to combine the various provisions of the two bills into a single document.
Proactive efforts on the individual level
There's little doubt that, assuming proper structure and the appropriate channels for sharing information, the cybersecurity bills will prove to be a benefit for companies and the federal government. However, the fact that the proposed law focuses on the sharing of information after at least a single company has been impacted means it's not a substitute for internal safeguards. Businesses need to make sure they are taking the appropriate steps to protect data and proactively identify potential threats.