The Cybersecurity Information Sharing Act (CISA) is a U.S. federal law designed, in its own words, to “improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.” The law allows traffic information from the internet to be shared between technology and manufacturing companies and the U.S. government. The bill was introduced in the U.S. Senate on July 10, 2014, and passed as an amendment into a consolidated spending bill, which was signed into law by President Barack Obama on Dec. 18, 2015.
CISA offers data sharing and liability protection for data shared as security information at the B2B (business to business) and B2G (business to government) levels. Opponents to the law question the value of the law, saying it will move responsibility from private business to the government, thereby increasing vulnerability of personal private information. It also helps disperse personal private information across seven government agencies, including the National Security Agency (NSA), FBI, state law enforcement, and local police agencies. Many people believe this gives too many people anonymous access to business and personal information (such as credit card data) that could be easily compromised without a clear line of responsibility.
Most former, and many current, government employees are questioning the logic of sharing so much information without clearly defining security requirements and responsibilities. After more than one data breach by foreign hackers of government systems, you should ask yourself why should business hold any expectation of help and cooperation from the government if they can’t protect their own systems.