Introduction
Cyberattacks have become common occurrences in the United States. High-profile raids on government agencies and American businesses were rampant in 2014 and became even more dangerous in 2015. Cyberattacks, according to Riley, are targeting organizations across the country at a growing rate since both costs to the institutions and the occurrence frequency of the cyberattacks on their networks are increasing (1). Cyberattacks pose a risk to businesses and other entities. Due to the increasing growth of e-commerce and the role of information technologies, it is necessary to mitigate and control any potential cyberattacks. Criminal gangs or foreign governments perpetrate them to steal Americans’ identities, electronic data, tax refunds, credit card data, and many other forms of private information. These attacks, according to Koppel, violate Americans’ confidentiality on the enormous scale and heavily affecting businesses and jobs (165). Thus, it is highly essential to ensure cybersecurity.
The introduction of the Protecting Cyber Networks Act is a welcome move towards curbing and controlling cyberattacks on American organizations. The document provides procedures to enhance cybersecurity through the improvement of the sharing of data on security risks between private entities and government. The legislation of Protecting Cyber Networks Act is agreeable since it is essential for protecting the privacy of American citizens, ensuring proper functioning of companies, their effective cooperation with the government and monitoring threat indicators as well as sharing them.
Get a price quote
First, this paper focuses on explaining the purpose of the legislation and its status as well as identifying the institutional participants for and against the law. Second, it explores the arguments and counterarguments concerning mentioned regulation.
Explanation of Law
The intention of the proposed legislation is to strengthen the existing means of cybersecurity provision. It seeks to promote the sharing of information on cyber threats among private organizations, and, voluntarily, the Federal government while maintaining strong methods of personal privacy protection. Section 106 (a) of the Act states “the sharing with non-Federal entities if appropriate, of information in possession of the Federal Government about imminent or ongoing cybersecurity threats to such entities to prevent or mitigate adverse impacts from such cybersecurity threats.” The legislation allows the sharing of only risk indicators intended to safeguard their networks. The sharing of information between private entities will assist businesses to shield themselves from cyber threats.
It allows private organizations to be counter-offensive against cyberattackers by performing a firmer defensive mechanism, which the law permits. The Act states liability protection tool, which is critical for enhancing of information sharing leading to the improvement of cybersecurity concept. Section 106 (a) of the document provides that “no cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed.” The provision of liability protection is only available for entities that share information, fail to share or receive in good faith. It is not provided to entities that show intentional misconduct.
Currently, the legislation has been read for the second time, and the Committee on Homeland Security and Government Affairs debates it. Amendments are being proposed to address the concerns of those opposing it. The White House is among the institutions supporting the Act. President Obama openly expressed the need for the passage of the legislation. There are also Airlines for America (A4A), U.S. Chamber of Commerce, American Bankers Association (ABA), American Council of Life Insurers (ACLI), American Insurance Association (AIA), Coalition on e-Commerce & Privacy, and Federation of American Hospitals (FAH) among the supporters of law. However, there are approximately fifty-five civil societies groups that opposed the legislation (Greenberg). They include, for example, Access, American Civil Liberties Union, PEN American Center, Electronic Frontier Foundation, Human Rights Watch, Government Accountability Project Hackers/Founders, Liberty Coalition, and American Library Association.
Arguments for the Law
I agree with the fact that the legislation seeks to protect cyber networks. First, the Act is essential for saving the privacy of American citizens, their businesses, and jobs. According to the Constitution, every citizen has the right for privacy. It means the protection of personal information against any scrutiny by the public. Therefore, the law is crucial in ensuring that one of the most important rights is not infringed. It gives the citizens the power to sue the government for any intentional act of privacy violation.
New to BestWritingHelp?
Get your 15% OFF the first order! Code firstorder
Cyberattacks cause immense damage to American companies. They lead to financial losses, increased expenditure, regulatory penalties, and the crisis of customer confidence. Brand image is damaged, products face piracy, company reputation suffers, data on research and development gets distorted, and the loss of designs and prototypes is inevitable. According to Koppel, a single information breach can cost an American company above $500,000 on average (124). The depth of risk of cyberattack is far-reaching; therefore, there is a need to strengthen the existing measures on cybersecurity. Cyberattacks and private information theft rates are rising. Such incidents were common for 2014 and 2015. In 2014, the Syrian Electronic Army hacked GoDaddy and Gigya. Hackers associated with the Korean government attacked Sony Entertainment. Cyberterrorists invaded Home Depot’s network and stole personal information and credit card accounts of millions of people. Among other organizations attacked in 2014, there are Las Vegas Corp, Staples, and Chick-Fil-A. In 2015, a bigger number of organizations including Morgan Stanley, Anthem Inc., Penn State University, American Airlines, Forbes.com, Premera Blue Cross, and Trump Hotel were attacked (Walters 6).
The rise in the cyberattacks in the last two years can be attributed to the limited sharing of information as well as inadequate cooperation between private companies and federal government. The bill creates a smooth way of data sharing between these bodies. Besides the assistance and support of the Federal government, it allows private organizations to monitor and spread threat indicators among themselves and, voluntarily, share them with government. Koppel claims that the legislation gives companies an opportunity to warn each other through government entities techniques and tools the hackers attempt to utilize to acquire valuable data (165). Thus, the sharing of information between private entities will assist businesses in shielding themselves from cyber threats. Sharing of information with the government will allow it to handle relative information with greater efficiency and effectiveness. Therefore, the proposed legislation will enhance cybersecurity by promoting of the mechanism mentioned above.
The Act contains that the provision of liability protection is essential in the fight against cyberattacks. Lack of protection against lawsuits is one of the deterrents to information sharing. Various organizations remain worried about doing so, scared that the information sharing process may expose them to the lawsuits of clients who may allege that the breach of personal data happened. The provision of liability protection is critical in enhancing information sharing that will lead to the improvement of cybersecurity mechanism. The provision of liability protection is only to entities that share information for the purposes of protection.. It is important that the liability protection cannot be guaranteed to the organizations practicing illegal actions.
Finally, in section four of the bill, the private entities are given the authorization to apply correctly defensive measures of monitoring their own networks. These measures also include the controlling of other factors that may not be non-federal in nature. It is an important argument for the bill as well since it ensures that the private entities find the institutions that try to attack their networks and get access to crucial information, which may be dangerous in their hands. What is more, the law supports fully the move of the private companies to create and apply any defensive measures, which, in turn, ensure that they are protected against possible attacks (Hansen 1175). With the defensive measures in place, it becomes difficult for the cyberattacks to occur, which makes the networks safer for the companies.
Arguments Against the Law
Opponents of the legislation have raised concerns regarding the implication of information sharing between private entities and the Federal government. The civil liberty groups have sounded their mistrust on how the latter will utilize the received information. They worry that these information disclosures may lead to significant spread of personal data and result in privacy, antitrust or other legal problems. The critics, according to Greenberg, argue that the excess of sharing will not promote cybersecurity but damage privacy as well as undermine threats response mechanism (1). For instance, the disclosure of personal data like passwords and id’s exposes users to illegal access, especially considering the fact that most of them utilize similar passwords for various accounts. In addition, sharing of personal data from personal emails provides an opportunity for cybercriminals to masquerade as trusted correspondents. Another interesting concern is that the legislation has the potential to increase the chances of National Security Agency (NSA) having access to private data. The information, then, may be utilized by the government for other purposes not related to cybersecurity.
Nevertheless, the bill establishes a mechanism that ensures that no personal data is shared among the private entities as well as between private organizations and Federal government. It forbids the government to compel private organizations to present information to it. The sharing of information by a private institution with the government is voluntary. The document requires the entities sharing information to remove personal data before the applying of mentioned action. It also requires the subject receiving the information to crosscheck and remove any persona data that may be contained there. Therefore, the argument of the risk of sharing of personal data is not valid.
In addition, the bill also limits the sharing of information among private entities strictly to threat pointers and protective measures to eliminate cyber threats. The liability protection provided by the legislation does not absolve an organization from the responsibility in case of personal privacy breach. Liability protection is only provided to the entities sharing information in good faith. It cannot be applied to entities demonstrating intentional misconduct. The chances that an organization can share personal data are very low considering the fact that every entity conducting this action is required to remove private information. Arguably, this legislation strengthens cybersecurity through sharing of information on threat indicators and the means to eliminate the threat while, at the same time, protecting the privacy of American citizens.
Conclusion
This paper focuses on the proposed Protecting Cyber Networks Act explaining the purpose of the legislation as well as its current status and identifying the institutional participants for and against it. The research considers arguments supporting the law and judgements opposing it. The mentioned legislation is essential for enhancing the existing level of cybersecurity. The bill also is the useful addition to the legal base since it promotes cybersecurity. Though critics have raised various issues concerning personal privacy and liability protection concepts, amendments are being proposed to resolve them. With the legislation adopted, the cyberattacks on American businesses and theft of personal data could be mitigated to the lower level.