For half a decade, Congress debated, but never enacted, cyberthreat information sharing legislation. Then, this past December, Congress approved and President Obama signed the Cybersecurity Act of 2015.
The Cybersecurity Act provides liability protections to businesses to incentivize them to share cyberthreat information with government and with each other.
"Is the legislation perfect?" GovInfoSecurity Executive Editor Eric Chabrow asks in an audio blog (click player beneath image to listen). "Of course, not. What law is? For a bill to become a law, legislators make compromises. And that's what the Cybersecurity Act of 2015 is."
As James Lewis, senior fellow at the Center for Strategic and International Studies says, "It's a really good first step."
In this audio blog, you'll hear:
- An explanation of how the Department of Homeland Security, which will serve as a hub for cyberthreat information sharing, is implementing the new law;
- Elissa Shevinsky, CEO of the privacy company JeKuDo, express reservations about the effectiveness of the law in mitigating cyberthreats and concerns that the Act reduces citizens' privacy;
- Lewis, a top cybersecurity expert, explain why organizations might not be spurred to share threat data. The law, Lewis says, "doesn't really affect what people are going to do to defend themselves, and it keeps us in a reactive posture."