On Mammoth Bills And Giant Defeats
A little before three o’clock yesterday I was so disgusted by my Giants-who were trailing 35-7- that I turned off the game secure in the knowledge that their hopes of making the playoffs were over. I was so desperate to wash football from my head that I searched for the Cybersecurity Information Sharing Act (CISA) which was tucked away in the good old-fashioned mammoth budget bill signed by the President late last week. CUNA and NAFCU both supported the bill, which makes it easier for credit unions and businesses to share information with each other and the federal government about cyber threats without violating federal law or getting sued. http://docs.house.gov/billsthisweek/20151214/CPRT-114-HPRT-RU00-SAHR2029-AMNT1final.pdf
Since 9\11, large corporations and banks have been complaining that existing laws make it difficult for companies and the government to share cyber threat information. The major thrust of the act is to facilitate the sharing of cyber threat intelligence by allowing companies to enter into agreements to monitor each other’s information technology systems without running afoul of federal law or getting sued . For example, the law authorizes “two or more private entities to exchange or provide a cyber threat indicator or defensive measure, or assistance relating to the prevention, investigation, or mitigation of a cybersecurity threat.” In addition the law stipulates that “No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure.”
The next step is for the government to issue proposed guidance and regulations laying out in greater detail what information can be shared and under what circumstances. Given the criticism of the bill from privacy advocates who have described it as the next Patriot Act. expect an intensive rule making process. The bill is a step in the right direction for those of us who feel that the country needs a more robust and coordinated cyber defense system.
But much more still needs to be done. Most importantly, it does nothing to address other cyber issues of more pressing concern to many credit unions. For example it imposes no cyber security protocols on merchants. Instead, the government is tasked with accessing cyber security implementation challenges faced by small businesses as part of a broader effort to disseminate cyber security “best practices.”
When I was done reviewing the bill I went to a family get together where I started complaining about the Giants getting blown out. My Father-In-Law looked at me like I was nuts. In ends up that I missed the greatest comeback in Giants’ history which is fine with me because they ended up losing anyway when the Panthers kicked a game winning field goal as time expired.