On July 8, 2014, in closed session, the U.S. Senate Committee on Intelligence voted 12-3 to report the Cyber Information Sharing Act (CISA). The bill would grant legal immunity for companies to share cyber threat data with the government, and is informally known as “CISPA 3.0,” a revised version of cyber security and information sharing legislation previously introduced, which met heavy opposition from privacy and civil liberties advocates. CISA’s passage through committee was met with similar dismay.
CISA would authorize private companies to monitor their own networks for cyber threats and implement countermeasures to block those threats. Sharing of cyber threat data would be permitted only for cybersecurity purposes, and companies would be required to avoid sharing employee and consumer personal information. Threat data would be sent to the Department of Homeland Security and then shared in real time with other federal agencies through a portal.
A similar bill to provide liability protection for cyber threat sharing passed the House last year (CISPA); however, President Obama threatened to veto that bill unless Congress strengthened privacy protections. Members of the Senate Intelligence Committee have consulted with the White House and have said they believe CISA balances privacy concerns with the desire to improve computer network security.
It is unknown at this stage whether the Senate will take up the bill for floor debate before the August recess. House Intelligence Committee Chairman Mike Rogers (R-MI) has been urging his colleagues across the Capitol to act on cybersecurity legislation prior to the recess, as reaching any compromise between the two chambers will be increasingly difficult as the November elections approach.