Security breaches prompt unprecedented lobbying for CISA bill
In the first quarter of 2015, corporations have lobbied on behalf of CISA to the tune of triple the support that’s been showed in years past for cyber-sharing bills, according to disclosure forms analyzed by The Hill ahead of a report published on Tuesday.
Indeed, records hosted on the transparency website OpenSecrets reveal that 181 unique entities have registered to lobby on behalf of CISA so far in 2015 - a significant leap from years past when 33 and 117 corporations registered to lobby on previous incarnations of the bill during the 112th and 113th congressional sessions, respectively.
READ MORE: CISA text released: Cyber bill revisions fail to impress privacy campaigners
If approved in the House and Senate and authorized by President
Barack Obama, CISA would offer incentives for corporations that
exchange cyber threat information with the United States
government. Amid a series of high-profile security breaches, the
effort is being touted as a solution by serving as a means of
letting cyber experts and infrastructure administered by the
federal government assist in analyzing, preventing and
remediating attacks launched against private sector computers. In
exchange, the companies would be shielded from legal liability.
Critics have raised concerns about this bill as in years past,
however, mainly over fears that codifying data sharing would put
too much sensitive personal bits and bytes into the hands of
While the matter of potentially magnifying the government’s ability to sniff web data has been an issue of contention in years past, the hacks of Sony Pictures Entertainment, Target, Home Depot and other big name corporations and retailers in recent months has renewed an interest in securing the nation’s networks by any means necessary.
Lobbying disclosure records available online show that the 181
organizations that have registered to promote CISA including
industry titans AT&T, Microsoft, Comcast, Cisco, General
Motors, Google, the American Insurance Association, Intel,
JPMorgan Chase, Pepsico, J Penney and Monsanto, among dozens of
Those firms, a health insurance official told The Hill, are “making sure there’s a way to share data on potential threats to help identify them beforehand ... [to] make sure there are those open lines of communications.”
“In all of these cases, what has emerged is a sense of where
we need to focus more of our attention is actually on the
data-sharing element between the public and private sector,”
the insurance official said.
At an event at Georgetown University last month, two of the top attorneys with the US Dept. of Justice urged corporations to forge relationships with law enforcement partners, regardless of whether CISA is passed, to ensure concerns of a potential breach can be brought up more easily.
“You need to have a point-of-contact in law enforcement before you're hacked,” Assistant Attorney General Leslie Caldwell of the DoJ's criminal division said, “... to know what you're supposed to do.”
CISA was approved nearly unanimously by the Senate Intelligence Committee in March but has yet to be considered by the full chamber. The panel’s chair, Sen. Dianne Feinstein (D-California), said previously in a statement that the latest version of the bill “address[es] many of the concerns that had been raised in regard to earlier drafts,” specifically with regards to privacy. Sen. Ron Wyden (D-Oregon), the lone “nay” vote among the committee, said the proposal was “a surveillance bill by another name.”
Meanwhile, a similar bill being weighed in the House, the Protecting Cyber Networks Act, advanced last month by a vote of 307-116. If authorized, it too would provide corporations with legal liability in the event that they share threat information with the government.