The United States Senate opted not to vote on a controversial cybersecurity bill that would have increased cyber threat information sharing between the private sector and the government and provided some liability protection for companies that share threat data.
Majority leader Mitch McConnell (R-Ky.) withdrew the bill, called the Cybersecurity Information Sharing Act (CISA) for consideration after several senators called for amendments. The Senate will instead consider the bill after its August recess, along with more than 20 suggested amendments.
During debate on the measure this week, Sen. Susan Collins (R-Maine) commented, “There is no law that we could ever write that is going to prevent every cyber attack.” However, she called CISA “a good first step” to preventing “a deadly blow to our economy.”
“We know the steps to take to prevent a cyber 9/11,” Collins stated. She also presented an amendment focused on shoring up the nation’s critical infrastructure against cyber attacks.
“Eighty-five percent of our country’s critical infrastructure is owned by the private sector and we are not nearly prepared enough for the death and destruction that could be caused by a major cyber attack,” Collins told fellow lawmakers.
On the privacy question, Collins said that sharing cyber threat data made sense from a prevention standpoint.
“Does it make sense that we require a single case of measles to be reported to the federal government, but not an intrusion to the controls of a piece of critical infrastructure that could result in the death of 2,500 people?” she asked.
For Sen. Ron Wyden (D-Oregon), CISA represents giving up far more privacy than the Senate and the American public may realize. He referenced a “secret” opinion report on the bill issued by the Justice Department that has not been made public and that many senators may not have read.
“Understanding the executive branch’s interpretation is important in understanding the relative legal landscape on cybersecurity,” said Wyden. He added that once cyber threat data is sent to the federal government, the public may not realize the extent to which it can be used. Cyber industry proponents of public-private sharing have said that threat data should be scrubbed for anonymity, but privacy advocates have objected to the practice.
“We all understand that we are facing very real cyber threats. This bill, in its current form, would do very little to prevent large cyber attacks, like the one at OPM,” said Wyden. “These bills weaken privacy laws without improving cybersecurity.”
Wyden went on to quote Benjamin Franklin by saying, “Anyone who gives up their liberty to have security doesn’t deserve either.” He added that in the fall, Congress will “have an opportunity to learn that cybersecurity doesn’t cancel out liberty.”
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
