The Senate passed a bill Tuesday aimed at improving cybersecurity by encouraging companies and the government to share information about threats. It took roughly six years to win approval for such a program.
The Cybersecurity Information Sharing Act passed by a 74-21 vote. It overcame concerns about privacy and transparency from some senators and technology companies, such as Apple and Yelp.
The bill’s co-sponsors, Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., said the measure was needed to limit high-profile cyberattacks, such as the one on Sony Pictures last year.
Companies would receive legal protections from antitrust and consumer privacy liabilities for participating in the voluntary program.
Despite the lengthy road to pass the Senate bill, it’s unclear whether it would improve Internet security. Participation is voluntary and companies have long been reluctant to tell the U.S. government about their security failures.
“Passing the bill will have no effect on improving cybersecurity,” said Alan Paller, director of research for the SANS Institute. “That’s been demonstrated each time sharing legislation has been passed. The cost to companies of disclosing their failings is so great that they avoid it even if there is a major benefit to them of learning about other peoples’ failings.”
Cyberattacks have affected an increasing number of Americans who shop at Target, use Anthem medical insurance or saw doctors at medical centers at the University of California, Los Angeles.
More than 21 million Americans recently had their personal information stolen when the Office of Personnel Management was hacked in what that the U.S. believes was a Chinese espionage operation.
Sen. John McCain, R-Az., chairman of the Senate Committee on Armed Services, called the bill’s passage an important first step. He noted that in the past year the United States has been attacked in cyberspace by Iran, North Korea, China and Russia and that there had been attacks against the Joint Chiefs of Staff, the Pentagon, OPM and an email hacking of the director of the Central Intelligence Agency.
The U.S. and the technology industry already operate groups intended to improve sharing of information among the government and businesses, including the Homeland Security Department’s U.S. Computer Emergency Readiness Team.
Reference: Associated Press. (October 28, 2015). Retrieved from http://www.foxnews.com/politics/2015/10/28/senate-passes-cybersecurity-bill-pushing-sharing-info-on-hacker-threats/