Cyber threatsharing law set to lapse as govt shutdown looms The Register

pBarring a lastminute deal the US federal government would shut down on Wednesday October 1 and the 2015 Cybersecurity Information Sharing Act would lapse at the same time threatening what many consider a critical plank of US cybersecurity policyppThe CISA Act of 2015 not to be confused with the CISA Act of 2018 which established the government agency of the same name the CISA referred to throughout this story is the Information Sharing law not the agency is due to expire 1201 am ET on October 1 the same moment federal funding lapses absent a continuing resolution ppThe continuing resolution that the House passed last week and which the Senate quickly rejected included an extension of CISA and several other bills mostly related to healthcare until November 21 by which time politicians hoped they could hammer out something more definite ppIts not going well but well get to that ppTo its supporters CISAs provisions create a pipeline of critical threat warnings that flow between the government and businesses To its detractors CISA is nothing more than a privacy invasion disguised as a security measure ppCISA like American politics is polarizingppFor those unfamiliar with the decadeold law the Cybersecurity Information Sharing Act gives companies permission to share threat indicators with the government It sounds like something no one would disagree with when you put it that way but dig a little deeper and youll find that the Act permits companies to share cyber threat indicators with the feds but requires removing personal information not directly related to a threat before doing soppAs part of the law companies that share such data with Uncle Sam are immune from lawsuits by customers who dont want the government knowing their business Those who share data under CISA are also given first dibs on new threat intelligence ppThere were attempts to add stronger privacy amendments mind you but those were stripped from the bill at the last minute Even so the statute includes civilliberties guidelines and mandates scrubbing unrelated PII Federal agencies may use shared information for specified purposes including for the prosecution of crimes whether cyberrelated or not ppAs we reported a decade ago privacy advocates were decidedly unhappy about CISAs passage Many elected officials were displeased with the CISA Act too Senator Ron Wyden DOR then a spry 66 years old and less than 20 years into his ongoing Senate career described the bill as being little more than a way to legalize federal government surveillance Wyden proposed an amendment to the CISA Act to add protections that required companies to remove personal information not necessary to describe or identify a cybersecurity threat from submissions to the government The amendment didnt pass ppWe reached out to several organizations that expressed dissatisfaction with CISA a decade ago to get their take on the possibility of its ending but didnt receive answers to our questions before publication ppSupporters of CISA including former FBI cyber division deputy assistant director Cynthia Kaiser see it another way After a decade in effect CISA has become a critical part of US cyber threat reporting ppThe CISA Act of 2015 has quietly become the backbone of our nations cyber defense Kaiser said in an oped published in Fortune last month advocating for CISAs extension ppThe Acts protections have facilitated threat warnings to thousands of organizations just this year Kaiser continued Its potential sunset threatens to unleash a wave of cyberattacks that will devastate the small and mediumsized businesses that form a foundational part of our economyppThe exFBI leader claimed that CISA threat sharing had prevented billions of dollars in cyber incident losses over the past decade but more than that she said its led to a culture shift where information sharing is the default rather than the exception ppThis principle of mutual aid and shared defense has made America stronger and we cannot afford to abandon it now Kaiser concludedppThe House passed its own version of the continuing resolution last week sending it to the Senate where members shot down both the House bill and a version put forward by Senate Democrats The only movement either side has made since then has been to dig its heels in even further and refuse to budge on what the other side wants ppHouse Minority Leader Hakeem Jeffries DNY laid blame on Republicans on Thursday calling their CR the largest cut to Medicaid in American history and proclaiming that Democrats wouldnt acquiesce to a bill that didnt include continued funding for healthcare programs like clinic funding community health centers and other health programs set for a similar shortterm extension to CISA under the Housepassed bill ppThe Senate largely rejected the House continuing resolution amid disputes over healthcare provisions and spending levelsppRepublicans meanwhile blame Senate Democrats for not backing Senate Republicans in their stripping of those measures in order to get the resolution to Trumps desk for signature before the government shuts down at 0401 UTC 0001 ET on Wednesday October 1 ppWe reached out to leaders in both chambers and parties to learn if there has been any progress toward passage of a bill that at the very least deals with the CISA issue No one bothered to respondppThe Senate isnt due back in chambers until Monday September 29 when it plans to once again attempt to pass the continuing resolution The House doesnt intend to return from a long weekend until the following day giving it practically no time to agree to a modified bill if such a measure manages to pass the Senate ppSend us newsppThe Register Biting the hand that feeds ITpp
Copyright All rights reserved 19982025

p