U.S. Chamber Backs Senate Intelligence Cybersecurity Bill
Posted at 2:14 p.m. on July 21
The U.S. Chamber of Commerce is supporting Senate legislation aimed at improving sharing of cybersecurity threat information between the government and private industry.
The Intelligence Committee approved the bill earlier this month.
According to CQ Roll Call’s Rob Margetta, the Chamber of Commerce has opposed past efforts to pass legislation that included new regulatory authorities and the Intelligence measure does not have such provisions.
Here’s the bulk of the letter to senators from R. Bruce Josten, the Chamber’s executive vice president of government affairs:
The Chamber believes that CISA would strengthen the protection and resilience of businesses’ information networks and systems against increasingly sophisticated and malicious actors. The bill would also complement the National Institute of Standards and Technology (NIST)-coordinated cybersecurity framework, which many business associations and companies are embracing and promoting with their constituents. The 2013 executive order that created the framework is focused, in large part, on increasing “the volume, timeliness, and quality of cyber threat information” shared with businesses so that they can better defend themselves against cyber attackers.
A fundamental goal of the Chamber’s cybersecurity policy is to enlarge government-to-business information sharing. The Chamber also seeks to persuade businesses to share cyber threat data with appropriate industry peers and civilian government entities to bolster U.S. systems and make the costs of cyber attacks increasingly steep. Several industry sectors have information sharing and analysis centers (ISACs) which operate at differing levels of maturity. ISACs typically emphasize threat data sharing, research, and education and training.
Businesses stress that they need practical safeguards to increase their information-sharing capabilities. CISA’s targeted protections—including limited liability, disclosure, regulation, and antitrust—should constructively influence businesses’ decisions to share cyber threat data and countermeasures more quickly and frequently.
In June, before the panel approved the measure with amendments adopted, a coalition of groups including public interest groups had opposed the bill, raising issues including privacy concerns.