Senate Holds Cybersecurity Information Sharing Hearing
On January 28, 2015, cybersecurity information sharing was the focus of the Senate Committee on Homeland Security and Governmental Affairs’ first hearing in the 114th Congress. In the wake of high-profile cyber attacks on Sony, Target, and JPMorgan, the testifying industry executives and security experts urged Congress to pass an information sharing bill that will better detect and prevent cyber intrusions on America’s infrastructure.
The witnesses argued that the complex cybersecurity landscape makes information sharing necessary. Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing Group, remarked that no individual organization can be completely aware of all threats, vulnerabilities, and incidents. Marc Gordon, executive vice president and chief information officer of American Express, similarly opined that “effective information sharing may be the single highest impact/lowest cost/fastest to implement capability . . . to accelerate [the United States’] overall defense from the many and varied and increasing threats around us.”
The Committee and the witnesses also discussed privacy concerns, an issue that contributed to the Cyber Intelligence Sharing Act (CISA) not passing last year. Sen. Cory Booker (D-N.J.) questioned whether the proposals promoted oversharing with the government and stated that “In many ways it’s just giving the government access to another level of domestic surveillance.”
Witnesses agreed that privacy had to be a top priority, but still said a bill could strike the right balance between security and privacy. Gregory Nojeim, senior counsel and director of the Center for Democracy and Technology’s Freedom, Security and Technology Project, argued that the CISA’s major shortcoming was that it provided the National Security Agency (NSA) access to sensitive data. Nojeim stated that a new bill should comprehensively define what information should be shared and then require the Department of Homeland Security to apply additional privacy procedures before providing sensitive data to other agencies. Additionally, Sen. Ron Johnson (R-Wis.), Chairman of the Committee, surmised, and Nojeim agreed, that if cyber attacks were not controlled, then “the threat in terms of loss of privacy is really even greater”.
After the hearing, Chairman Johnson and Ranking Member Sen. Tom Carper (D-Del.) were optimistic. Sen. Carper pledged to act “very soon” on a bill, while Sen. Johnson stated, “If we concentrate on the shared goal of enhancing the economic and national security of America . . ., I think that’s what’s going to bring this across the goal line.”