"For those unfamiliar with the decade-old law, the Cybersecurity Information Sharing Act gives companies permission to share threat indicators with the government. It sounds like something no one would disagree with when you put it that way, but dig a little deeper and you'll find that the Act permits companies to share cyber threat indicators with the feds but requires removing personal information not directly related to a threat before doing so."
"As part of the law, companies that share such data with Uncle Sam are immune from lawsuits by customers who don't want the government knowing their business. Those who share data under CISA are also given first dibs on new threat intelligence. There were attempts to add stronger privacy amendments, mind you, but those were stripped from the bill at the last"
Unless Congress passes an extension, federal funding will lapse and the 2015 Cybersecurity Information Sharing Act will expire at 12:01 on October 1. A House continuing resolution had included a CISA extension to November 21 but the Senate rejected that measure. CISA permits companies to share cyber threat indicators with the federal government after removing personal information not directly related to threats. Companies that share under CISA receive liability immunity and priority access to threat intelligence. Supporters say CISA creates a pipeline for critical threat warnings; critics characterize it as a privacy invasion. Stronger privacy amendments were removed from the bill.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]