
Cybersecurity bill approved, but what does it accomplish?

It may have been easy for Congress on Friday to approve the Cybersecurity Information Sharing Act (CISA), despite past controversy around it.

This bill does not hike federal spending or impose sweeping regulatory rules. Its main feature is something many firms will be happy to get: liability protection if they share information with the government about cyberthreats and attacks.

CISA was slipped into the keep-the-government-running $1.1 trillion spending bill. It was approved just before lawmakers took their holiday recess. The cybersecurity provisions of the bill itself are expected to cost the government about $20 million over a four-year period.

The White House was expected to sign the bill, and possibly upset a long list of tech firms, including Apple, Google and Facebook, who are worried about private information getting into government hands.

Lawmakers are betting that the measure will improve security, but the legislation's effectiveness will ultimately be settled by the attackers who breach corporate systems.

Alan Paller, director of research at the SANS Institute, said the bill won't accomplish "a thing" in terms of improving information security, or reducing vulnerabilities.

But Avivah Litan, an analyst at Gartner, said the bill will matter. Because of legal issues, a malware attack discovered by one firm wasn't necessarily shared, and this sharing of information is critical.

"Now you know exactly what the attack looks like" as a result of information sharing, said Litan. "The bad guys use the same attack in multiple places."

The government will be required to create a portal for information sharing. The bill limits the government's use of threat information to cybersecurity purposes, which include threats to minors and countering cyber-related crimes.

There have also been warnings by privacy advocates such as the Electronic Frontier Foundation that the bill is a swamp of "immunity clauses, vague definitions and aggressive spying powers" that have turned it into a surveillance bill. Those comments came in an earlier critique of the legislation.
