Financial sector defends cyber bill

The battle over a stalled cybersecurity bill has spilled into the August recess.

Over the weekend, Tim Pawlenty, the former Republican governor of Minnesota who now heads a major financial sector trade group, defended the bill that has been hung up for months amid privacy concerns.

{mosads}The measure, known as the Cybersecurity Information Sharing Act (CISA), would shield companies from legal liability when sharing data on hackers with the government.

“We need a team America approach,” Pawlenty, CEO of the Financial Services Roundtable, said on C-SPAN’s “Newsmakers.” “We’ve got to work as a team if we’re going to successfully identify and defend against those kind of threats. No one company, no matter how large they are, can do it by themselves.”

American businesses have been hammered by cyberattacks in recent years. Last fall’s data breach at JPMorgan Chase exposed sensitive data on 76 million households.

Industry groups have heavily backed CISA, but privacy concerns have derailed the bill in the Senate. Although the House passed its complementary legislation in April, the upper chamber has been unable to punch through its measure, despite repeated attempts.

Digital rights groups argue the measure would allow companies to turn over troves of personal information to the government, empowering surveillance programs at the National Security Agency (NSA).

They say the bill doesn’t include strong provisions requiring companies to strip personal data before sharing information with the government. They also believe the data would be shared too permissively within the government.

Pawlenty pushed back against CISA opponents.

“It’s really important that we distinguish that we’re not talking about sharing personal information,” he said. “We’re talking about sharing cyber threat information.”

And companies can’t fully share that threat information without the legal protections this bill would provide, Pawlenty added. Companies need certainty they will not face frivolous lawsuits or regulatory action when exchanging data with the government.

“If I think you’ve attacked me and I turn that information over to the government, is that going to be subject to the Freedom of Information Act?” he said, highlighting a major issue for senators concerned about privacy.

“If so, are the trial lawyers going to get it and sue my company for negligent maintenance of data or cyber defenses?” Pawlenty continued. “Are my regulators going to get it and come back and throw me in jail, or fine me or sanction me? Is the public going to have access to it? Are my competitors going to have access to it? Are they going to be able to see my proprietary cyber systems in a way that will give up competitive advantage?”

CISA has been poorly framed, he explained.

“It should be called the cyber teamwork bill,” Pawlenty said.