The Senate will reconvenes this morning (Oct. 21) to continue debate on S. 754, the Cybersecurity Information Sharing Act (CISA), which allows for more sharing of cyberthreat information between businesses and with the government.
It would also allow law enforcement access to the info in cases of fraud, ID theft, or imminent harm.
The bill, which passed 14-1 out of the Senate Select Committee March 13, would make it easier for ISPs to share cyber threat indicators (CTIs) – usually computer code – and to take defensive measures to counter such attacks from botnets, viruses, malware and more.
The legislation authorizes voluntary sharing of cyber threat information between companies and with the government, with the stipulation that companies have to take "appropriate measures" to protect against sharing personally identifiable information. It includes including shielding them from legal liability for errors in that sharing so long as they were inadvertent.
Cable operators and other ISPS back the bill, while a number of privacy groups and computer companies don't, saying it is more about surveillance than boosting cybersecurity and suggesting the government has not proven to be a reliable steward of data.