ABA in a joint letter today urged Congress to remove Section 407 from the Cybersecurity Information Sharing Act as the House and Senate prepare to reconcile competing versions of the bill. Under Section 407, the Department of Homeland Security and other federal regulators would be required to review, assess and report back to Congress on the security capabilities of critical infrastructure entities, a practice that the groups said would lead to additional and burdensome regulation with no connection to the information sharing at the heart of CISA.
“This provision is simply at odds with the overall goal of a comprehensive, voluntary information sharing framework,” the groups said. “Moreover, we are concerned that this provision has not been adequately vetted in the same manner as the rest of the legislation, and therefore could have unintended consequences that would impact the effectiveness of voluntary information sharing.”