Yesterday, along with 46 other trade associations, NCTA signed and submitted a letter to Congress urging support of the Cybersecurity Information Sharing Act (S. 754), also known as CISA.
As the Protecting America’s Cyber Networks Coalition, our fellow trade associations and we are dedicated to both securing the personal information of individuals and our nation’s critical infrastructure and protecting the privacy and civil liberties of all Americans. That’s why we support CISA, a bill that allows voluntary real-time sharing of cyber threat indicators while ensuring robust privacy protections.
“We are dedicated to securing the personal information of individuals and our nation’s critical infrastructure.”
Recent cyber incidents underscore the need for legislation to help businesses improve their awareness of cyber threats and protect customer information and to enhance their protection and response capabilities in collaboration with government entities. Cyber attacks aimed at U.S. businesses and government bodies are increasingly being launched from sophisticated hackers, organized crime, and state-sponsored groups. These attacks are advancing in scope and complexity.
It should be clear that CISA is not a government surveillance bill. It is a bill that allows sharing of cyber threat indicators and requires all known personal information unrelated to the cyber threat be removed before sharing. And it stipulates mandatory implementation of security controls to protect from unauthorized access. It also gives businesses legal certainty that they have a safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and taking actions to defend or mitigate cyber attacks.
As we say in our letter, Senators Burr and Feinstein, the authors of CISA, have recently revised their bill to increase its privacy protections. Among other things, the managers’ amendment further limits the sharing of cyber threat data solely to “cybersecurity purposes.” Closely related, the revised measure eliminates the government’s ability to use cyber threat indicators to investigate and prosecute “serious violent felonies.” Taken together, these two changes put to rest any false claims that CISA is a surveillance bill. The bill’s writers have worked diligently to address the concerns of privacy and civil liberties organizations. CISA represents a well-developed compromise between all stakeholders over three Congresses.
The coalition is committed to working with lawmakers and their staff members to get cybersecurity information-sharing legislation quickly enacted to strengthen our national security and the protection and resilience of U.S. industry. Congressional action cannot come soon enough.