Senate Passes Cyber Security Bill

Capital & computer cords composition

Photo composition by Thursday Review

Senate Passes Cyber Security Bill

| published October 28, 2015 |

By Keith H. Roberts, Thursday Review staff

 

The hacking of U.S. businesses and U.S. government agencies has become a profound and dangerous problem for American security, and Congress wants to take action.

The Senate passed a bill this week which encourages companies to more fully cooperate with U.S. cyber-security agencies and law enforcement, and to coordinate efforts between business and government on a national scale to thwart hackers. To facilitate that cooperation, the legislation also expands liability protections for those same companies if they engage in robust information-sharing with the appropriate government agencies—meaning those companies would be shielded from some types of lawsuits when personal data is shared between business and government. The bill will also introduce incentives for companies to hire the right security personnel—those with appropriate knowledge of cyber threats and how to prevent them.

The Senate’s legislation will almost certainly be hammered into shape to make it compatible to similar bills being considered by the U.S. House of Representatives, and the White House has also said that it may want to make changes as well, though the Obama administration has already said it will support any legislation Congress wants to offer in the area of cyber-security.

The Senate bill is called the Cybersecurity Information Sharing Act, or CISA. If successfully merged into the legislation already under consideration by the House, the combined bill would be the first major effort by all governing branches to combat the growing and costly problem of cyber-attacks, whether those assaults come from rogue and independent hackers, from organized crime, or via state-sponsored cyber units, such as the ones suspected in several recent breaches which have been linked to China, North Korea and Russia.

Cyber-attacks cost the U.S. billions each year. Many of the attacks have been on businesses: banks, financial institutions, retailers, insurance companies and health care providers. But equally disturbing are the recent cyber-attacks directed against agencies of the U.S. government, including high profile breaches at the Internal Revenue Service, the Office of Personnel Management, and even the Pentagon.

Those cyber-attacks cause increased prices for everyone in the marketplace. In recent years, several major companies have been the victims of serious security breaches, including Anthem (a health insurance giant), Home Depot and Target (both of whom were the victims of massive attacks which resulted in the theft personal data for millions of customers), and the entire medical and hospital network of UCLA. The UCLA cyber breach resulted in the theft of the social security numbers, birth dates and addresses of some 4.5 million patients. Though the full scale of the 2013 Target attack is still not known, experts believe that it resulted in the theft of personal data—mostly credit card information—of more than 70 million customers during a six week period. Similar attacks were waged against retailers Michael’s and Neiman Marcus. The now infamous Sony Pictures cyber attack may have been the most costly corporate breach known to date, with untold millions still at stake in lost revenue, exposed business data, and pending litigation. The FBI and the White House blamed the Sony attack on a cyber-military unit in North Korea.

Taxpayers also foot the bill for cyber-attacks against government agencies. Just this year, hackers with links to both Russia and China have been identified in computer breaches against the White House, the Joint Chiefs of Staff, the IRS, and the Office of Personnel Management, which maintains employee records for millions of government workers and government contractors.

The June cyber-attack on the OPM may have resulted in the exposure of social security numbers and background check records of at least 22 million federal workers. The OPM maintains a database called the Central Personnel Data File, which includes almost all federal workers who have been required to undergo thorough background checks. The files contain personal data, such as addresses, cell phone numbers and social security numbers, but they can also contain the extensive records of the background checks required of those who work in sensitive jobs.

The Senate bill, like the legislation already considered in the House, is not without its share of critics, especially privacy advocates who worry that some of the language found in the Senate version allows for too much government prying into personal information and data. Critics also worry about the liability aspect of the bill; by specifically shielding corporations and businesses from some forms of legal action if customer data is deliberately shared or inadvertently swapped during anti-breach preparedness or post-breach investigations, will businesses and select government agencies gain even more detailed data about their subjects. Some privacy advocates worry specifically about the NSA, which already harvests information in its wide net of data collection.

The White House put some restrictions on the NSA’s program in in 2014, after information obtained by a computer operative named Edward Snowden revealed to the public the scope and breadth of the NSA’s data harvest.

Still, the Senate bill passed easily, and Washington analysts suggest that it will meet little resistance from the White House, which has advocated such legislation for several years.

Related Thursday Review articles:

More Than 22 Million Impacted by Cyber-Attack; R. Alan Clanton; Thursday Review; July 9, 2015.

Email Account of CIA Director Breached; Thursday Review; October 20, 2015.