Info-sharing law applies to industry as well as government, agencies say

Info-sharing law applies to industry as well as government, agencies say
 
The departments of Homeland Security and Justice say that recent legislation lets businesses share cyber threat information with industry interests as well as government.
 
The agencies released a document Tuesday night clarifying the Cybersecurity Information Sharing Act (CISA).
 
ADVERTISEMENT
The measure, which passed in the 2015 omnibus, was designed to allow companies to share threat information with the federal government and other industry members while limiting potential civil liabilities for doing so.
 
But since its passage, business have questioned whether the wording of the bill limited the information-sharing to just government.
 
Even before the document was released, the business world expected that they were meant to share information with each other. 
 
“We anticipate that the departments will accommodate the Chamber’s request to clarifying the protections afforded to a non-federal entity when it shares cyber threat information with another non-federal entity,” Matthew Eggers, executive director of cybersecurity for the U.S. Chamber of Commerce, wrote in his prepared testimony for a hearing about CISA on Wednesday morning. 
 
The hearing that took place before many of the witnesses — including Eggers — or House members had time to read the new report.  
 
CISA called for the agencies to produce a report discussing privacy concerns in February. The Tuesday release was a revision of the document originally released in February, with a new section clarifying the liability protections extended to business to business communications.  
 
It explicitly states: “CISA authorizes private entities to share cyber threat indicators and defensive measures with other private entities. … It also provides private entities with liability protection for conducting such sharing in accordance with CISA.”