Implications of CISA

Looking at the adverse effects of the new cybersecurity bill

Matthew D'Aguanno, Staff Writer

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






There’s almost a nine out of 10 chance while reading the title of this article that you are unaware of any implications of the Cybersecurity Information Sharing Act passed on the Senate floor Tuesday evening, or even the fact that it exists.
Maybe, acronyms such as SOPA, PIPA or CISPA ring a bell.
If not, it’s time to start paying attention to one of the most pertinent issues at stake right now: our cyber privacy.
Here’s a quick synopsis of the bill and its intended actions: CISA is a bill allowing companies to “anonymously” share its data with the government for the sake of cyber security.
It is from a three-part piece of legislation regarding cyber security being brought to the President to sign once the House of Representatives have passed it.
The intent of this bill is to shut down cyber fraud, which has been growing exponentially over the past decade and affected companies such as Home Depot, Anthem and Target.
The overall idea is a fantastic selling point and the added measures to prevent “hacking back” and to inform consumers that their information has been illegally shared are excellent additions.
Only when the parlance of the bill is broken down does the lack of attention display glaring errors.
While the idea is appreciable, the execution would be severely lacking.
Craig Newman, an expert on cyber law, calls it “a useless bill.”
Imagine a government group keeping up with a malicious, nimble hacker who requires no debate or agreement to commit a crime.
The lack of inefficiency would be astounding.
It becomes more of a surveillance bill than a cyber security bill. The government’s attempt to correct this is to keep the terminology broad to compensate for the anticipated growth of technology projected to surpass human intelligence by 2022.
Yet again, it is a great idea with  lack of execution.
There is no definition of how cyber threat information is going to be shared within the private sector or how information will be managed or disseminated.
Broad terminology should necessarily equate to strong use restriction to avoid abuse of law.
On top of this, the wording of the bill easily allows for the NSA and FBI to over-rule the privacy part of this bill and collect personal data without informing you of their actions.
This is all based upon perception, but should it even be something perceivable?
History has shown the centralization of power and information is a disaster that occurs over and over again.
The outline of this bill has great potential, but yet again lacks clarity in several ways.
The process for passing a bill should not be a rough sketch of an idea only to  work out the kinks later.
It needs to be ironclad and if security is what Congress wishes to breach, then they must do better and we must let them know it.