How Strong is the New Cybersecurity Bill
A proposed cybersecurity bill that could strengthen the bonds between federal regulatory bodies, law enforcement agencies and private businesses has moved one step closer to becoming a law. The Senate Intelligence Committee passed the bill 14-1 in mid-March, pushing it farther along in the process to become law. As Wired pointed out, the strong approval by the committee was achieved in part due to what intelligence committee chair Richard Burr called a balance of increased security efforts and provisions to protect the personal information of individual users and business entities. However, there has been plenty of criticism from many corners about both the effectiveness of the proposed legislation and its impact on privacy.
Pro-privacy groups, Democrats are against the bill
Although it's not surprising that online privacy advocates have come out against the bill, they are providing some of the loudest voices in the discussion. The Hill reported many groups and individuals in the strong privacy camp are viewing many of the bills provisions as enabling further governmental surveillance on personal and business communications. For its part, the Senate Intelligence Committee has said that the motivations behind the bill are to provide a stronger network of cybersecurity by encouraging participation and cooperation, but many remain unconvinced. Senate Democrats otherwise unaffiliated with privacy groups have offered similar objections as well.
Why businesses may be reticent to participate
A more practical consideration for businesses is the type of information that would be shared under the auspices of the bill. Wired pointed out that, despite assurances that the data would be limited to what the document calls threat indicators, other types of information would be covered as well. While many of the proposed categories, such as information related to potential terrorist activities, seem reasonable, some more vague definitions have caught the eye of industry experts. One mentioned specifically by Wired is knowledge or data related to "serious economic harm," a broad category that, in many instances, has only a small connection to cyber defense.
"There are two major roadblocks that may arise from these seemingly broad provisions."
There are two major roadblocks that may arise from these seemingly broad provisions. The first is fewer businesses may be willing to share their information in the first place, as the initial opt-in to the program is voluntary. The lack of widespread sharing would harm the strength of protections and undercut the usefulness of the potential legislation. The other potentially negative issue relates to consumer perception. Businesses that deal with individual consumers and other companies could feel pressure from those clients to not participate because some of their own information would be included in the information-sharing provisions. This is a hypothetical problem, of course, and it remains to be seen how different client segments of the business-to-consumer and business-to-business markets respond.
Strength of security efforts
The proposed Cybersecurity Information Sharing Act has the potential to increase collaboration and identify threats to businesses in a more efficient manner than in the past. It remains to be seen whether the bill will take the rest of the steps needed to become law, and companies can't count on the bill to provide them with comprehensive cybersecurity coverage.
Companies with the best protections against cybercrime have taken the initiative to protect their own valuable and sensitive data. With a cyber threat intelligence system such as the NC4 Cyber Threat Exchange, organizations take more responsibility for safety into their own hands. Instead of relying on outside agencies and partnerships that may or may not prove to be effective, businesses can create effective trusted communities themselves.
Thanks for contacting NC4! A member of our team will be in touch with you shortly.