It might seem hard to believe, given how quickly technology evolves, but the Cybersecurity Information Sharing Act hasn’t been around for very long.
That said, however, criticism surrounded the initial bill, suggesting that the Act will “allow the government to collect sensitive personal data unchecked.”
In an interview with CNBC, Christopher Young, senior vice president of Intel Security Group, stated that they support threat intelligence sharing, but to make sure that privacy is effectively managed and protected in the right way.
Still–there are a number of fears that surround cybersecurity, and what the CISA means going forward. Here, the Investing News Network (INN) breaks down the Act and what it means for investors.
What is the Cybersecurity Act?
As mentioned above, the CISA was passed on October 27, 2015 and signed into law on December 18, 2015 as part of the Consolidated Appropriations Act of 2016, known as the 2016 omnibus spending bill.
TheCISA is a bill seeking to permit private companies to hand over information to the federal government and its agencies. Simply put, this means that the law allows companies to directly share information with the Department of Defense and the National Security Agency.
The CISA aims to detect and prevent cybersecurity threats or security weakness, requiring the Director of National Intelligence and the Departments of Homeland Security, Defense, and Justice to “develop procedures to share cybersecurity threat information with private entities, nonfederal government agencies, state, tribal, and local governments, the public, and entities under threats.” These procedures also act as a framework for voluntary sharing of cyber threat and information between private and government entities.
The Act also aims to protect the privacy rights of an individual by ensuring that personal information is not shared or divulged unnecessarily, except if it “appears to be related to a crime either past, present, or near future.”
If a company decides to share information under CISA, they are to create or adapt procedures and systems to collect, screen, and report the information deemed appropriate to share, as protections only apply when sharing is conducted according to the CISA’s definitions of “cyber threat indicator” and “defensive measures” and complying with the requirements for removal of personal information.
Under a Donald Trump presidency, however, there is the potential for change.
When Trump took office in January 2017, he allegedly pledged to counter cyberattacks against the US in his first 90 days in office. By the end of January, a new executive order was ready to be signed, allowing cabinet officials “more responsibility for the safety of data within his or her agency.”
Since then, only one step by the president has been taken. At the end of March, Trump gave a one-year extension on “special powers” put in place by former president Obama. Essentially, this will give the government powers to issue sanctions against people and organizations committing cyberattacks and cybercrime against the US.
While Trump extended Obama’s executive order on cyberattacks, his plans following the extension remain unknown.
Indeed, the cybersecurity market is growing at a rapid pace: in 2015, it was estimated to be worth roughly $77 billion. In 2016, that number increased to $122.45 billion. By 2021, a Market and Markets report expects the cybersecurity sector to reach $202.36 billion–an annual growth rate of 10.6 percent.
This article was originally published on August 30, 2016.
Don’t forget to follow us @INN_Technology for real-time news updates.
Securities Disclosure: I, Jocelyn Aspa, hold no direct investment interest in any company mentioned in this article.