Last week, the U.S. Senate Intelligence Committee approved the Cybersecurity Information Sharing Act 2014 (CISA) which seeks to seriously expand the information gathering abilities of U.S. intelligence organizations by authorizing voluntary sharing of information between these government organizations and the private sector.
“Cyber-attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing,” said Senator Dianne Feinstein, Chairman of the Intelligence Committee in a statement on her website.
“Every week we hear about the theft of personal information from retailers and trade secrets from innovative businesses, as well as ongoing efforts by foreign nations to hack government networks. This bill is an important step toward curbing these dangerous cyber-attacks.”
The passing of CISA serves to highlight the large and growing concern amongst U.S. government departments over information theft. In fact, concerns over cybersecurity in the U.S. have fueled an entire industry, with the Cyber Security Market in the U.S. Government Sector projecting relatively strong growth, with a CAGR of 7.41 percent from 2013-2018.
An increase in the number of DDoS attacks, which focus on taking down network layers in order to steal confidential data. is spurring initiatives to implement more advanced cyber security policies and solutions in government departments.
Some vendors, such as BAE Systems, Boeing, and Lockheed Martin, are even introducing cyber security solutions that are specifically developed for the defense sector.
The American Dilemma: National Security vs. Personal Privacy
The Cybersecurity Information Sharing Act comes on the heels of another cybersecurity bill, the Cyber Information Sharing and Protection Act (CISPA) which last year passed the house but was quickly struck down due to concerns over privacy. But in the post-Snowden era, it wasn’t long before another cybersecurity act quickly sprung up, and CISA is the current iteration of this.
However, the bill has drawn its fair share of criticism.
In a scathing article on Wsws.org, Thomas Gaist says that, “CISA clears the way for virtually unrestrained information sharing between the U.S. government and corporations”.
He goes on to note that there are exemptions from the Freedom of Information Act built into the legislation, which could be used to protect information sharing programs from scrutiny. In addition, Gaist points out that some watchdog organizations are already opposing the bill.
“The Center for Democracy in Technology (CDT) described CISA as a “backdoor wiretap,” writing that CISA “addresses none of the Snowden revelations about the NSA” and would “funnel more private communications and communications information to the NSA.””
U.S. Senators Mark Udall and Ron Wyden also issued a statement following the mark-up of the bill, which recognizes the role and necessity of cybersecurity to the country’s economic health and national security, while also expressing concern with how the government might exploit information sharing between itself and private enterprises.
“We agree there is a need for information-sharing between the federal government and private companies about cybersecurity threats and how to defend against them. However, we have seen how the federal government has exploited loopholes to collect Americans’ private information in the name of security.”
“We are concerned that the bill the U.S. Senate Select Committee on Intelligence reported today lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity. We opposed the bill for these reasons, but we stand ready to work with our colleagues to address its shortcomings.”
Not a great outlook for a bill still in its infancy. But CISA certainly won’t be the last act passed in the name of cyber defense, as the US continues to contend with both internal and external threats in the coming years.