Security breaches prompt unprecedented lobbying for CISA bill
Iterations of the Cybersecurity Information Sharing Act, or CISA, currently being considered on Capitol Hill, have come and go over the last few congressional sessions, but corporations are lobbying in favor of the bill harder than ever before.
In the first quarter of 2015, corporations have lobbied on behalf of CISA to the tune of triple the support that’s been showed in years past for cyber-sharing bills, according to disclosure forms analyzed by The Hill ahead of a report published on Tuesday.
Indeed, records hosted on the transparency website OpenSecrets
reveal that 181 unique entities have registered to lobby
on behalf of CISA so far in 2015 - a significant leap from years
past when 33 and 117 corporations registered to lobby on previous
incarnations of the bill during the 112th and 113th congressional
sessions, respectively.
READ MORE: CISA text released: Cyber bill
revisions fail to impress privacy campaigners
If approved in the House and Senate and authorized by President
Barack Obama, CISA would offer incentives for corporations that
exchange cyber threat information with the United States
government. Amid a series of high-profile security breaches, the
effort is being touted as a solution by serving as a means of
letting cyber experts and infrastructure administered by the
federal government assist in analyzing, preventing and
remediating attacks launched against private sector computers. In
exchange, the companies would be shielded from legal liability.
Critics have raised concerns about this bill as in years past,
however, mainly over fears that codifying data sharing would put
too much sensitive personal bits and bytes into the hands of
Uncle Sam.
While the matter of potentially magnifying the government’s
ability to sniff web data has been an issue of contention in
years past, the hacks of Sony Pictures Entertainment, Target,
Home Depot and other big name corporations and retailers in
recent months has renewed an interest in securing the nation’s
networks by any means necessary.
Lobbying disclosure records available online show that the 181
organizations that have registered to promote CISA including
industry titans AT&T, Microsoft, Comcast, Cisco, General
Motors, Google, the American Insurance Association, Intel,
JPMorgan Chase, Pepsico, J Penney and Monsanto, among dozens of
others.
Those firms, a health insurance official told The Hill, are
“making sure there’s a way to share data on potential threats
to help identify them beforehand ... [to] make sure there are
those open lines of communications.”
“In all of these cases, what has emerged is a sense of where
we need to focus more of our attention is actually on the
data-sharing element between the public and private sector,”
the insurance official said.
At an event at Georgetown University last month,
two of the top attorneys with the US Dept. of Justice urged
corporations to forge relationships with law enforcement
partners, regardless of whether CISA is passed, to ensure
concerns of a potential breach can be brought up more easily.
“You need to have a point-of-contact in law enforcement before
you're hacked,” Assistant Attorney General Leslie Caldwell
of the DoJ's criminal division said, “... to know what you're
supposed to do.”
CISA was approved nearly unanimously by the Senate Intelligence
Committee in March but has yet to be considered by the full
chamber. The panel’s chair, Sen. Dianne Feinstein (D-California),
said previously in a statement that the latest version of the
bill “address[es] many of the concerns that had been raised
in regard to earlier drafts,” specifically with regards to
privacy. Sen. Ron Wyden (D-Oregon), the lone “nay” vote among the
committee, said the proposal was “a surveillance bill by
another name.”
Meanwhile, a similar bill being weighed in the House, the
Protecting Cyber Networks Act, advanced last month by a vote of
307-116. If authorized, it too would provide corporations with
legal liability in the event that they share threat information
with the government.
