Cybersecurity Act of 2015

 

The Cybersecurity Act of 2015 is a United States federal law designed to promote cybersecurity information sharing between the government and private sector organizations. The law, officially titled the Cybersecurity Information Sharing Act (CISA), was signed into law by President Barack Obama in December 2015 as part of the 2016 omnibus spending bill.

The main goal of the law is to improve cybersecurity in the United States by encouraging private companies and the federal government to share information about cyber threats and attacks. The law includes provisions to protect the privacy of personal information and prevent the government from using shared information for surveillance purposes.

Under the Cybersecurity Act, private companies are encouraged to share information about cybersecurity threats and incidents with the Department of Homeland Security (DHS), which will then disseminate the information to other relevant federal agencies and private sector partners. In exchange for sharing information, companies are granted liability protection from lawsuits related to the sharing of cyber threat information.

The Cybersecurity Act of 2015 has been controversial, with some critics arguing that it doesn't do enough to protect individual privacy and could lead to increased government surveillance. However, supporters of the law argue that it is a necessary step in improving cybersecurity in the United States and preventing cyber-attacks.

The Cybersecurity Act of 2015 (CISA) does not allow hacking back. In fact, the law explicitly prohibits companies from engaging in so-called "active defense" measures, which include retaliatory or offensive actions against cyber attackers.

Under the law, private sector companies are only authorized to monitor and defend their own networks and information systems and share information about cyber threats and incidents with other companies and the government. Any defensive measures taken by companies must be consistent with applicable laws and regulations and should not violate the privacy or civil liberties of individuals.

While the Cybersecurity Act of 2015 does not allow hacking back, some lawmakers and cybersecurity experts have proposed legislation that would authorize companies to engage in offensive cyber operations against attackers. However, such proposals remain controversial and have not yet been enacted into law.