Data breaches have become more common for businesses and government agencies in the past few years. (Photo: Rawpixel/

The Senate on Tuesday approved the Cybersecurity Information Sharing Act (CISA) on a 74-21 vote.

The bill aims to give companies legal immunity for sharing potential data breaches with the Department of Homeland Security (DHS), which could then share such information with other federal agencies, including the FBI and the National Security Agency.

The Senate’s version of CISA now heads to a conference committee where lawmakers will attempt to reconcile it with two versions passed by the House earlier this year, according FedScoop, which covers government technology news.

The Obama Administration gave qualified support for the legislation last week, indicating that it would work to make improvements to the bill in the reconciliation process with the House legislation, according to The Washington Post.

The legislation comes in response to recent digital attacks against companies, such as CVS and health insurer Anthem, and government agencies, such as the Office of Personnel Management.

Related: Cyber attacks drive insurance purchases in early 2015

What it does

Under CISA, the DHS would set up a hub for voluntary information about cyber attacks. When a business encounters suspicious activity on its data systems, it would pass the information about the attack on to the DHS, which would warn other companies.

The shared information would be limited to “threat indicator” data — technical information about the attack.

The legislation also gives business that share such information liability protections. Privacy advocates who oppose the legislation say this could stop customers from suing companies for sharing their private data.


Other critics of CISA say that DHS’s ability to share such information with other government agencies turns the legislation into a way for intelligence agencies to spy on Americans.

In addition to privacy advocates and civil liberty groups, CISA is opposed by tech trade industry groups — and companies such as Microsoft, Apple, Google and Amazon — that say the legislation won’t improve cybersecurity.

Insurance support

The Washington-based property and casualty insurance trade organization American Insurance Association (AIA) hailed the passage of CISA in the Senate.

“[Tuesday's] vote illustrates the importance of cybersecurity and the need to better enable information sharing on cyber threats, while also protecting consumer’s information. CISA is an essential tool for coordinating information sharing that can be used to prevent and mitigate a cyber-attack,” Angela Gleason, associate counsel for the AIA, said in a prepared statement.

Related: The cost of a cyber breach, in 5 different industries

How can you transform your risk management preparedness and response strategy into a competitive advantage?
Introducing ALM’s cyberSecure — A two-day event designed to provide the insights and connections necessary to implement a preparedness and response strategy that changes the conversation from financial risk to competitive advantage.  Learn more about how this inaugural event can help you reduce risk and add business value.