Business Groups: Don’t Let Cybersecurity Bill Stall Out
Officials in the retail and financial sectors were able to push the Cybersecurity Information Sharing Act through the House earlier this year, but the Senate has proved to be more challenging. Part of the reason is that privacy advocates have ramped up their criticism of the law—at times using unusual methods to make their point.
The energy that business groups have generated around sharing cyberthreat data hasn’t always followed through to Congress, but groups such as the Financial Services Roundtable (FSR) are trying to ensure that legislators keep their eye on the prize.
After starting the year with President Barack Obama’s full attention, financial groups are running into issues with pushing the Cybersecurity Information Sharing Act (CISA)—which passed the House earlier this year—through the Senate. One of the issues is the increasing opposition of privacy groups and some Democratic senators, who see the bill as majorly flawed.
Some groups have gone so far as to flood Congress with faxes in an effort to prevent the bill from getting any further. (An estimated 6.2 million faxes were sent to the Senate last month, which sounds like a lot of paper.)
“We Need a Team America Approach”
Now with the Senate in the midst of a long recess, FSR and its chief executive, former Minnesota Gov. Tim Pawlenty, are working to keep CISA from falling off the radar entirely. Pawlenty emphasized that, by allowing corporations to share threat information with the federal government without risk of liability, the bill could help protect information from getting into the wrong hands.
“We need a team America approach,” Pawlenty said of the bill, according to The Hill. “We’ve got to work as a team if we’re going to successfully identify and defend against those kind of threats. No one company, no matter how large they are, can do it by themselves.”
Regarding the privacy concerns, Pawlenty suggested that the problems with the bill may be in part due to poor framing of the legislation’s goals.
“It’s really important that we distinguish that we’re not talking about sharing personal information,” he emphasized. “We’re talking about sharing cyber threat information.”
Retailers Speak Up
Outside of the financial sector, the retail space has also come out strongly in favor of the bill—particularly an amendment by Sen. Tom Cotton (R-AR) that would extend the sharing of cybersecurity threats outside of the Department of Homeland Security’s main portals—something advocates say would make threat-sharing easier.
In a letter to the Senate majority and minority leaders earlier this month, the Retail Industry Leaders Association, the Food Marketing Institute, the National Association of Convenience Stores, and the National Retail Federation expressed their support of the bill and amendment.
“A major barrier that prevents the business community from working together to combat these unprecedented attacks is the risk of costly frivolous lawsuits,” the groups said in their letter. “We believe that Congress should enact legislation that gives businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing and receiving real time threat indicators and defensive measures and taking actions to mitigate cyberattacks.”