How Is CISA Really Going To Affect Cybersecurity?

CISA Cybersecurity

Desperate times call for desperate measures, and it was only a matter of time before the U.S. government came up with a new federal law concerning cybersecurity, since the last one, the Cyber Intelligence Sharing and Protection Act, was defeated in the Senate in 2013. Last year was “the year of the breach”, which resulted in many cyber-attacks leading to the passing of a new federal law – the cybersecurity Information and Sharing Act.

This law is said to greatly improve cybersecurity in the United States, but it actually faces a lot of opponents due to its vagueness. It is definitely going to affect cybersecurity, but in what way? Read on to find out what this bill represents and how it actually affects cybersecurity in the U.S.

What Exactly Is CISA

CISA, or the Cybersecurity Information and Sharing Act, is a U.S. federal law that is meant to improve cybersecurity in the United States by allowing technology and manufacturing companies to share information about cybersecurity threats with the U.S. government. It is a way for every company to share “cyber threat indicators” with Government agencies and the Department of Homeland Security, in an attempt to fight hackers and prevent damage before it’s too late.

The collected data can be shared with any of the U.S. government agencies, including the NSA, the FBI, the CIA and many others. This bill protects companies from Freedom of Information Act requests by protecting them from any liability lawsuits for the harm done to their customers, due to the sharing of their private information, as long as they follow government guidelines.

data-issues

What Do the “Cyber Threat Indicators” Include?

According to CISA, “cyber threat indicators” represent any information that is necessary for identifying threats and they include the following: the consequences of a cyber-attack, “malicious resonance”, that is, any spy software that can steal your passwords, network activity that shows security Vulnerabilities, codes that can bypass your security measures, as well as “malicious cyber command and control” that can point to the source of the cyber-attack.

All of these indicators are pretty useful for fighting hackers and they show potential ways for improving cybersecurity. Another thing that this bill indicates is that companies can share any other information related to cybersecurity threats, unless it is not legal to share that information due to other laws. That is the vague and tricky part that makes everyone wonder whether this shared information will be misused.

Will CISA Leave Room for Privacy?

Apparently, the U.S. citizens can all say goodbye to privacy. That is the main reason why CISA has so many opponents, among which are some of the major technology companies, such as Microsoft, Apple, Google, Facebook, Twitter, Reddit, Wikipedia and many others. The greatest opponents include private companies that don’t engage in any nefarious activities and have literally no reason to be introspected and to provide the government with their customers’ private information.

CISA definitely leaves no room for privacy and, most importantly, it does very little to protect Americans from cyber-attacks. Instead, it greatly focuses on sharing Internet traffic and private information. Americans want real protection from hackers and cyber-attacks and all they got was a bill that threatens their privacy.

What concerns many people is the impact CISA may have internationally. The bill does not state that, of course, as it is designed only for the United States, but due to the fact that much of the world’s data flows through the U.S., American laws affect a much larger number of people than just those inside their borders. After all, the Internet is global.

That means that U.S. laws may not only apply to their citizens and that fact leaves the whole world in fear of their private information online, since CISA may give permissions for people who are not protected by U.S. laws. More importantly, this bill leaves many companies outside the U.S. very concerned about the privacy of their customers who happen to reside inside U.S. borders.

In a nutshell, the Cybersecurity Information and Sharing Act does not do much to improve cybersecurity, as it clearly should. Instead, it seems to be an effective way for the U.S. government to keep tabs on its citizens by having access to every private piece of information about them. Whether that changes eventually or not, only the future will tell.

By Pavle Dinic

EV Sales

Growth of Electric Vehicles – Heading In The Right Direction

Growth of Electric Vehicles The global electric vehicle market is projected to reach $802.81 billion by 2027, registering a CAGR of 22.6%.1 The highest revenue contributor was Asia-Pacific, which is estimated to reach $357.81 billion ...
Security Cloud

The Problem with Cyberhygiene

Cyberhygiene Dangers It is a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it is introduced to us by others. In the simplest of examples, imagine ...
Matt Holleran

Cloud Platforms, Marketplaces, and Startups

Cloud Platforms, Marketplaces, and Startups One of the most exciting recent developments in the cloud software business is the proliferation of partner ecosystems, with large public and late-stage private cloud companies creating their own marketplaces ...
Eddie Segal

Kubernetes on AWS: Tips for Cloud-Native Development

Kubernetes AWS Tips Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey by CNCF showed that 83% of organizations deploy Kubernetes on ...
Aruna Headshot

66% Say They’d Switch Vendors in Order to Get an Intelligent Online Meeting Solution

People are getting frustrated with online and video meetings. In fact, according to a recent survey, 85% say they are challenged with these types of poor experiences and 74% say they’re not too happy about ...
Mark Barrenechea

Security is Job 1: Machines vs. Machines

Digital is redefining cybercrime and cyberwarfare Cyberattacks today are multi-stage, hard to discover and highly targeted. Some security threats are accidental, stemming from unauthorized employee access. As much as 38% of attacks come from internal ...