It might seem hard to believe, given how quickly technology evolves, but the Cybersecurity Information Sharing Act hasn’t been around for very long.
The Cybersecurity Information and Sharing Act (CISA) was passed by the US Senate on October 27, 2015 and signed into law on December 18, 2015 by former President Barack Obama. However, criticism surrounded the initial bill, suggesting that the Act will “allow the government to collect sensitive personal data unchecked.”
In an interview with CNBC, Christopher Young, senior vice president of Intel Security Group, stated that they support threat intelligence sharing, but to make sure that privacy is effectively managed and protected in the right way. Still–there are a number of fears that surround cybersecurity, and what the CISA means going forward. Here, the Investing News Network (INN) breaks down the Act and what it means for investors.
What is the Cybersecurity Act?
As mentioned above, the CISA was officially signed into law in December 2015 as part of the Consolidated Appropriations Act of 2016, known as the 2016 omnibus spending bill.
The CISA is a bill seeking to permit private companies to hand over information to the federal government and its agencies. Simply put, this means that the law allows companies to directly share information with the Department of Defense and the National Security Agency.
That said, the CISA aims to detect and prevent cybersecurity threats or security weakness, requiring the Director of National Intelligence and the Departments of Homeland Security, Defense, and Justice to “develop procedures to share cybersecurity threat information with private entities, nonfederal government agencies, state, tribal, and local governments, the public, and entities under threats.” These procedures also act as a framework for voluntary sharing of cyber threat and information between private and government entities.
The Act also aims to protect the privacy rights of an individual by ensuring that personal information is not shared or divulged unnecessarily, except if it “appears to be related to a crime either past, present, or near future.”
If a company decides to share information under CISA, they are to create or adapt procedures and systems to collect, screen, and report the information deemed appropriate to share, as protections only apply when sharing is conducted according to the CISA’s definitions of “cyber threat indicator” and “defensive measures” and complying with the requirements for removal of personal information.
Under a Donald Trump presidency, however, there is the potential for change.
When Trump took office in January 2017, he allegedly pledged to counter cyberattacks against the US in his first 90 days in office. By the end of January, a new executive order was ready to be signed, allowing cabinet officials “more responsibility for the safety of data within his or her agency.”
Since then, only one step by the president has been taken. At the end of March, Trump gave a one-year extension on “special powers” put in place by former president Obama. Essentially, this will give the government powers to issue sanctions against people and organizations committing cyberattacks and cybercrime against the US.
That being said, the Internet of Things Cybersecurity Act of 2017 is a bill that was proposed in August 2017 before the US senate, seeking the improvement of security on internet-connected devices. According to the bill, it is looking for vendor commitments that their IoT devices are patchable and that the devices don’t have known vulnerabilities, among other proposals. While the bill hasn’t been passed in the House or Congress, the foundation has at least been laid out.
Indeed, the cybersecurity market is growing at a rapid pace: in 2015, it was estimated to be worth roughly $77 billion. In 2016, that number increased to $122.45 billion. By 2021, a Market and Markets report expects the cybersecurity sector to reach $202.36 billion–an annual growth rate of 10.6 percent.
This is an update to an article originally published in 2016.
Don’t forget to follow us @INN_Technology for real-time news updates.
Securities Disclosure: I, Jocelyn Aspa, hold no direct investment interest in any company mentioned in this article.