The Cybersecurity and Information Sharing Act (S.754), or CISA, cleared an important hurdle on Thursday when the Senate voted 83-14 to end debate on several amendments to the bill. CISA creates a cyberthreat information sharing system to, in the words of the bill, “improve cybersecurity in the United States.” Specifically, as currently drafted, the bill requires various government actors and agencies (such as the Attorney General and the Department of Homeland Security) to create specific policies and regulations relating to the sharing of cyberthreat data from private entities and within government entities. Thus far CISA has been opposed by a number of leading global technology companies (Apple, for example, released a statement on Tuesday expressing opposition to the bill on privacy grounds), and by civil liberties groups (such as the ACLU, concerned that the bill could, among other things, threaten whistleblowers). The recent amendments to the bill were meant to address some of these concerns, but it remains to be seen whether they will have done so sufficiently to quell concerns from industry and civil libertarians. It appears likely that the bill, as amended, will pass the Senate. This is the second time that a version of the bill has been introduced before the Senate (failing to reach a full Senate vote before the end of the 113th Congress).
Two related bills passed the House earlier this year: The National Cybersecurity Protection Advancement Act of 2015 (H.R. 1731) and the Protecting Cyber Networks Act (H.R. 1560). Assuming CISA passes the Senate, a combination of these bills could wind up in Conference Committee.