The US senate last night easily passed legislation aimed at bolstering the country’s cyber defenses, advancing the first serious attempt in Congress to combat the attacks hitting a growing number of businesses and government agencies in recent years.
The bill, which would expand liability protections to companies that choose to share cyber-threat data with the government, must be reconciled with two similar information-sharing measures that passed the House of Representatives earlier this year. It cleared the Senate by a vote of 74-21 with strong bipartisan support.
The White House announced support for the bill last week, although it stated a desire for some revisions before it lands on President Barack Obama’s desk.
The Cybersecurity Information Sharing Act (CISA) is a proposal that languished in the senate for several years partly because of privacy groups' concerns it would shuttle more personal information into the hands of the National Security Agency and other government spies.
But business interests, including the US Chamber of Commerce, have argued an information-sharing law is necessary to allow the private sector to cooperate more closely with the government on detecting and minimising cyber threats without fear of lawsuits.
A round of amendments intended to strengthen some of the bill’s privacy protections failed today as the bill’s bipartisan sponsors warned last-minute changes could upset the balanced language that was the culmination of years of negotiations.
Skeptics of CISA have said it would do little to prevent malicious breaches like the kind that crippled Sony Pictures last year, which the Obama administration publicly blamed on North Korea, or recent thefts of data from companies like Target, Home Depot or Anthem Insurance.
Even some of the bill’s supporters have conceded the bill is a small first step to shore up US cyber defenses, which are constantly under assault by hacking groups and foreign nation-states like China and Russia, according to government officials.
The bill’s passage through the senate was a defeat for digital privacy activists who celebrated the passage in June of a law effectively ending the NSA’s bulk collection of US call data.
The curtailment of that program, which had been exposed in 2013 by former NSA contractor Edward Snowden, represented the first significant restriction of the US government’s intelligence-gathering capabilities since the Sept. 11, 2001, attacks.