On Mammoth Bills And Giant Defeats

December 21, 2015 at 9:25 am Leave a comment

A little before three o’clock yesterday I was so disgusted by my Giants-who were trailing 35-7- that I turned off the game secure in the knowledge that their hopes of making the playoffs were over. I was so desperate to wash football from my head that I  searched for the Cybersecurity Information Sharing Act (CISA) which was tucked away in the good old-fashioned mammoth budget bill signed by the President late last week.  CUNA and NAFCU both supported the bill,  which makes it easier for credit unions and businesses to share information with each other and the federal government about cyber threats without violating federal law or getting sued. http://docs.house.gov/billsthisweek/20151214/CPRT-114-HPRT-RU00-SAHR2029-AMNT1final.pdf

Since 9\11,   large corporations and banks have been complaining that existing laws make it difficult for companies and the government to share cyber threat information.  The major thrust of the act is to facilitate the sharing of cyber threat intelligence  by allowing   companies to enter into agreements to monitor each other’s information technology systems without running afoul of federal law or getting sued . For example, the law authorizes “two or more private  entities to exchange or provide a cyber threat indicator or defensive measure, or assistance relating to the prevention, investigation, or mitigation of a cybersecurity threat.” In addition the law stipulates that  “No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the sharing or receipt of a cyber threat indicator or defensive measure.”

The next step is for the government to issue proposed guidance and regulations laying out in greater detail what information can be shared and under what circumstances. Given the criticism of the bill from privacy advocates who have described it as the next Patriot Act.  expect an intensive rule making process. The bill is a step in the right direction for those of us who feel that the country needs a more robust and coordinated cyber defense system.

But much more still needs to be done.  Most importantly, it does nothing to address other cyber issues of more pressing concern to many credit unions.  For example it  imposes no cyber security protocols on merchants.  Instead,  the government is tasked with  accessing cyber security  implementation challenges faced by small businesses as part of a broader effort to disseminate cyber security “best practices.”

When I was done reviewing the bill I went  to  a family get together where I started complaining about the Giants getting blown out.  My Father-In-Law looked at me like I was nuts.  In ends up that I missed the  greatest comeback in Giants’ history which is fine with me because they ended up losing anyway when the Panthers kicked a game winning field goal as time expired.

Entry filed under: Compliance, Regulatory, technology. Tags: .

Will Fed Go All-In With Rate Increase? Iconic NY Credit Union Goes Under

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 503 other followers