CISA’s Failure May Come to Haunt the Technology Industry

Robinson+Cole Data Privacy + Security Insider

[author: Kyle Prigmore]*

The Cybersecurity Information Sharing Act of 2015 (CISA) was intended to incentivize private entities to share threat intelligence information with the federal government (specifically the Department of Homeland Security), allowing all parties to react more quickly and efficiently to cyber threats. The vision was that thousands of companies would sign on, creating a powerful network that could form a joint defense in real time against emerging cyber threats. The dream is not going well. At last count, there were six non-federal entities signed up with DHS. The reasons for this failure are both technical (DHS has allegedly done a terrible job of contextualizing threat data to make it actionable) and non-technical (privacy is increasingly a business consideration, and working with the government creates bad optics).

One would like to believe this is just the market in a free society playing itself out. CISA was aspirational, but few companies appear to want to share their data with the government, even if they receive benefits in return. They don’t want to pay the hard costs to set up the systems or achieve compliance, nor do they want to risk paying soft costs associated with partners/customers discovering that they are voluntarily sharing data with the government. Ultimately, the government tried to get this going, but they failed, so end of story, right?

Wrong! Lawmakers are trumpeting CISA’s failure as evidence that a voluntary threat sharing program is never going to work, and that the government should instead mandate that private companies share their threat intelligence data. It is impossible to predict how such a legislative mandate would play out. How would it be enforced? Will the government be checking on Google and Microsoft and others to ensure compliance? Who knows! For once, it may be in the best interest of the public to root for lobbyists working on behalf of Big Tech, because if they can’t talk lawmakers down from this cliff, then the jump into mandating public-private partnerships is going to be messy for everyone.

 

*student at Roger Williams University School of Law


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
