In a joint letter to members of Congress today, ABA and others urged House legislators to remove a section from the Senate-passed version of the Cybersecurity Information Sharing Act that would require the Department of Homeland Security and other agencies to independently investigate, assess and offer recommendations to Congress on the cybersecurity and incident reporting capabilities of critical infrastructure entities.
Section 407 of the bill, the letter states, “runs counter to the voluntary nature of CISA and the House-passed bills,” and would effectively give the DHS and other regulatory agencies “free rein to assess certain businesses’ cybersecurity gaps and develop unilateral mitigation strategies for each critical infrastructure entity without input from the industry.”