Cybersecurity Information Sharing Act (CISA) Passes After Being Slipped into 2,242-Page Spending Bill
CISA will offer some protection for companies that share cyberattack information with the government. Until now, companies often shied away from sharing their cybersecurity woes for fear an investigation may expose them to harsh penalties, civil litigation, or even criminal prosecution. While this Act will not eradicate those concerns, this is considered a step in the right direction to attempt to unite victims of cyberattacks with the governmental agencies investigating the attacks, specifically limited at this time to the Department of Homeland Security.
Critics of the Act claim the protections fall short of being realistic and meaningful causing companies to continue balking at cooperating with the government's voluntary data-sharing initiatives. Civil liberty groups criticize the Act calling it a serious threat to civil liberties and privacy. Defenders point out this Act is voluntary. Companies and individuals can choose whether or not to share information with the investigating agencies.