A Matter of Trust: Taking a Look at the CISA Controversy

By Kurt Underwood
Global Leader of Protiviti’s IT Consulting Practice

Back in October, we issued a Flash Report on a Senate move regarding a proposed law that has spurred controversy at home and abroad. The bill is intended to improve cybersecurity in the United States through enhanced sharing of threat information.

Now out of committee, and potentially up for a floor vote in the Senate soon, the Cybersecurity Information Sharing Act (CISA) would allow (but not require) the sharing of Internet traffic information between U.S. government agencies and technology and manufacturing companies, making it easier for companies to share cyber threat information with the government.

The bill provides legal immunity from privacy and antitrust laws to companies that provide threat information from, say, the private communications of users, to appropriate federal agencies and other companies. It also permits private entities to monitor and operate defensive countermeasures to detect, prevent or mitigate cybersecurity threats or security vulnerabilities on their own information systems, and, under certain conditions, the systems of other private or government entities.

Although the bill includes provisions to prevent the sharing of personally identifiable information (PII) irrelevant to cybersecurity, some worry whether those protections are adequate.

The U.S. Chamber of Commerce, National Cable & Telecommunications Association, and other advocacy groups support the measure, on the grounds that the information in question is already flowing freely to spies and criminals around the world. Others, including the Computer and Communications Industry Association and various prominent technology companies, oppose it as a violation of personal privacy.

In the end, it all boils down to trust. Repeated high-profile security breaches of PII and other sensitive data have raised questions regarding the ability of government and large corporations to secure their data. It is interesting to note that the Department of Homeland Security, the designated entry point for all submitted data under the proposed law, is among those opposed to the bill.

The concern crosses international borders. A European court recently struck down an agreement that previously allowed U.S. companies to import the personal information of EU citizens and store that information within the United States. The agreement was called into question by a lawsuit challenging the protection of PII from the U.S. government.

For a more detailed analysis of CISA, you can download the Protiviti Flash Report, Proposed Cybersecurity Information Sharing Act Sparks Controversy. I am interested in your take on the issue in the comments section below.
