The U.S. House of Representatives passed a new cybersecurity bill on April 22 that is aimed at protecting the United States from future cyber-attacks. The Protecting Cyber Networks Act (PCNA) provides protection from liability for companies that share sensitive cybersecurity-related information with other companies and the government. The bill was heavily supported, passing with a 307-to-116 bipartisan vote.
Its Purpose
The bill aims to better facilitate information sharing for cybersecurity threats, ultimately informing more companies of security failures or potential issues before they arise in the United States. This bill also promotes the spread of information between corporations and government agencies, in the hope that it will increase the shared pool of knowledge on impending cyber threats.
The bill is a response to the massive number of damaging cyber-attacks in the last few years, from breaches at Target and Home Depot, to JPMorgan Chase and Sony Pictures, to healthcare organization Anthem Blue Cross and Blue Shield. Hackers can pose many challenges, and some experts feel we’re already fighting and losing a war against cyber criminals.
Paul Kurtz, CEO of information sharing company TruStar, told the New York Times, “The gravity of the emergency we have in cyberspace is setting in with lawmakers. They now understand that companies can no longer fight the bad guys individually.”
Concerns
The bill also has its critics. Some raise concerns about crossing individual privacy boundaries when all this information is shared.
Civil liberties groups and security experts fear that consolidating so much information and sharing it between companies makes them even bigger targets. Those experts appealed to the Senate in a letter arguing against the bill, because it would essentially allow the federal government access to information not necessarily related to cybersecurity.
Impact on Healthcare
The Health Information Trust Alliance (HITRUST) released a statement which supported the bill and emphasized the legal protections it provides. The collaborative organization also said that the bill addresses information sharing and provides simplicity for healthcare companies.
HITRUST CEO Daniel Nutkis said in a statement, “I think where we would like to be more engaged is in the dialogue in what the expectations are for an information sharing and analysis organization … For organizations to have a meaningful dialogue there has to be some context, and sometimes to have the context there has to be a consistent maturity, or level of knowledge and sophistication.”
Checks and Balances
According to the New York Times, the bill stipulates that before information is shared with the government, it has to undergo two separate rounds of filtering and removal of personal information. The first removal is by the company, before the information is delivered, and the next is by the government agency receiving the data. Going through this filtration process is the only way to receive liability protection.
The impact this bill has on cybersecurity threats is yet to be seen. With responsible usage and checks and balances in place, data experts now have a more reliable communication method to arm others with information against hackers as their tactics continue to evolve and advance.