ETA Signs Letter Opposing Section 407 of S. 754, the Cybersecurity Information Sharing Act (CISA)

November 12, 2015

The undersigned organizations thank you for your strong efforts to combat cyber threats and protect American businesses and citizens. The cybersecurity measures approved by the House and Senate would implement a legal framework critical to encourage industry to share voluntarily cybersecurity information with the federal government, helping to bolster efforts to guard against cyber-attacks.

However, we have significant concerns with Section 407 of S. 754, the Cybersecurity Information Sharing Act (CISA), which recently passed the Senate. This provision would require the Department of Homeland Security (DHS), relevant sector specific agencies (SSAs) and regulatory agencies to single out certain critical infrastructure entities and to report to Congress the extent of cybersecurity incident reporting by these entities. Section 407 would compel federal officials to assess the cybersecurity of these “covered” entities, develop a mitigation strategy for each of these entities and issue a recommendation to Congress whether to require a mandatory regulatory regime for the reporting of cyber intrusions by these entities to the government.

Please click here to view the full letter.