The U.S. Chamber of Commerce, the worlds largest business federation representing the interests of more than three million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations, and dedicated to promoting, protecting, and defending Americas free enterprise system, supports S. 2588, the Cybersecurity Information Sharing Act of 2014 (CISA), which was passed by the Select Committee on Intelligence on July 8 by a strong bipartisan vote of 12 to 3.
The Chamber believes that CISA would strengthen the protection and resilience of businesses information networks and systems against increasingly sophisticated and malicious actors. The bill would also complement the National Institute of Standards and Technology (NIST)-coordinated cybersecurity framework, which many business associations and companies are embracing and promoting with their constituents. The 2013 executive order that created the framework is focused, in large part, on increasing the volume, timeliness, and quality of cyber threat information shared with businesses so that they can better defend themselves against cyber attackers.
A fundamental goal of the Chambers cybersecurity policy is to enlarge government-to- business information sharing. The Chamber also seeks to persuade businesses to share cyber threat data with appropriate industry peers and civilian government entities to bolster U.S. systems and make the costs of cyber attacks increasingly steep. Several industry sectors have information sharing and analysis centers (ISACs) that operate at differing levels of maturity. ISACs typically emphasize threat data sharing, research, and education and training.
Businesses stress that they need practical safeguards to increase their information-sharing capabilities. CISAs targeted protectionsincluding limited liability, disclosure, regulation, and antitrustshould constructively influence businesses decisions to share cyber threat data and countermeasures more quickly and frequently.
What is important is that CISA is headed in the right direction, and the Chamber looks forward to working with committee staff to enhance the bill. CISA is one of several cyber measures that the Chamber supports. At the outset of the 113th Congress, the Chamber urged Congress and the administration to focus on improving information sharing and related protections, pursuing international cooperation against cybercrime and the theft of intellectual property, enhancing national cybersecurity research and development, reforming the Federal Information Security Management Act of 2002, and heightening public awareness and education.
The goal of CISA is to help companies achieve timely and actionable situational awareness to improve the business communitys and the nations detection, mitigation, and response capabilities. The bill would also strengthen the security of personal information that is maintained on company networks and systems.
The Chamber strongly supports this bill and urges the Senate to bring up CISA and pass it expeditiously.