Cyber Threat Information Sharing
There have been questions about our views of the current CISA legislation.
For clarity, BSA does not support any of the three current bills pending before Congress, including the Cybersecurity Information Sharing Act (CISA), the Protecting Cyber Networks Act (PCNA), and the National Cybersecurity and Communications Integration Center (NCCIC) Act.
Consistent with this view, BSA’s September 14 data agenda letter to Congressional leaders identified five key areas where Congress can pass legislation to strengthen the policy environment around digital commerce, including voluntary information sharing, and highlighted the need for balanced legislation in this area.
BSA has consistently advocated for strong privacy protections in all information sharing bills currently pending before the Congress.
We will continue to work with the Congress, others in industry and the privacy community to advance legislation that effectively deals with cyber threats, while protecting individual privacy.
For more information on BSA's work on privacy, see:
“BSA Testimony at Senate ECPA Reform Hearing”
“BSA Applauds Senate Passage of USA FREEDOM Act”
Cybersecurity policies should marshal market forces to protect the information systems that are indispensable to a thriving digital economy. They must promote rapid innovation and adaptation in the face of a constantly evolving threat landscape. And because the economy is global, they must be internationally cohesive.
Specific policy actions needed:
Strengthening cybersecurity capabilities
- Promote real-time sharing of cyber threat information while protecting privacy and civil liberties.
- Modernize and strengthen the public-private partnership that protects the nation’s critical cyber infrastructure without putting undue regulatory burdens on industry.
- Support cyber R&D with greater resources for research and education to improve US cybersecurity.
- Give technologists in federal agencies greater authority and responsibility for identifying and correcting vulnerabilities in government IT systems.
- Increase law enforcement’s domestic and international tools, resources, and capabilities.
- Streamline compliance for businesses and reduce confusion for consumers by establishing a uniform national standard that requires consumers to be notified when their personal data has been compromised to an extent that presents a substantial risk of harm.