
Now that the bill has passed the Senate, it has arguably completed the most difficult part of its journey towards becoming law. CISA will “soon” return to the House, where legislators will hammer out the details of the bill and then send it to the President’s desk for approval. Schultz said in a statement, “we’re [the White House] hopeful that the Senate and House can work together expeditiously to send the best possible bill to the president’s desk as soon as possible.”

After a lengthy cybersecurity and privacy debate that ultimately ended in a landslide Senate vote, the dominant question now appears to be how the private sphere will adapt to life with CISA.

First, it’s important to understand who will be involved with the sharing of cybersecurity data (threat intel) under CISA and to know that, at least for the moment, it’s an entirely voluntary process enabled by liability protection.

The fact of the matter is that following a cyber attack, both the private sector and the government can benefit from a formal framework that at least establishes parameters for information sharing, response and mitigation. As hackers become increasingly sophisticated, there is a need for greater collaboration and to have both parties working together to facilitate responses and create technologies to build cyber resilience. These are simply the facts, but what is not agreed upon is how this should be done, at what cost and by whom.

Under CISA, the Department of Homeland Security (DHS), a civilian agency, will be the recipient of these data caches, while the participants could include everyone from cybersecurity firms, social media franchises, large retailers, e-commerce businesses like Amazon and banks, among others.

Once data is collected/submitted, it is “scrubbed” of personal/user information and condensed prior to arriving before the intelligence agencies: CIA, NSA and FBI. Who is responsible for scrubbing the data, and to what degree it should be scrubbed, remains a major question, left open by vague language and imprecise definitions within the bill.

Read more:

http://dcinno.streetwise.co/2015/10/29/why-cybersecurity-firms-wont-share-data-with-cisa-fed-dhs/?utm_source=newsletter&utm_medium=dd&utm_campaign=2015_10_30