CISA - the Cybersecurity Information Sharing Act - has officially passed the Senate. While Congress is busy merging CISA with two other so-called cybersecurity bills that passed the House of Representatives, in this episode, by taking an in-depth look at the contents of all three bills, we discover that these bills are not what you're being lead to believe. Please support Congressional Dish: Click here to contribute with PayPal or Bitcoin; click the PayPal "Make it Monthly" checkbox to create a monthly subscription Click here to support Congressional Dish for each episode via Patreon Mail Contributions to: 5753 Hwy 85 North #4576 Crestview, FL 32536 Thank you for supporting truly independent media! S. 754: Cybersecurity Information Sharing Act of 2015 Passed the Senate 74-21 on October 27, 2015. Sponsored by Sen. Richard Burr of North Carolina 118 pages Outline of the Bill Definitions: "Agency" = "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency, but does not include — The Government Accountability Office Federal Election Commission The governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities "Cybersecurity threat" = An action "not protected by the First Amendment to the Constitution" that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system." A "cybersecurity threat" does not include "any action that soley involves a violation of a consumer term of service or a consumer licensing agreement. "Cyber threat indicator" = Information that is needed to identify - Spying, including strange patterns of communications that appear to be collecting technical information Security breaches Security vulnerabilities A legitimate user being used to defeat a security system Malicious cyber command and control The harm caused by a cybersecurity incident, including the information taken as a result "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law" "Entity" = "Any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof) Does not include "a "foreign power", which means a foreign government or a foreign based political organization. Sharing of Information by the Federal Government Executive branch officials will write procedures for sharing classified and unclassified "cyber threat indicators" and Federal government information that would help the "entities" to prevent cybersecurity threats. The officials writing the rules will be the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General. The rules they write have to: Ensure "cyber threat indicators" can be shared in real time Include notification procedures for false alarms Include requirements for the Federal government agencies to protect against unauthorized access to the information Requires a Federal entity sharing information to remove personal information Include notification procedures for people whose personal information is shared by the government. Their procedures will be due 60 days after CISA becomes law. Monitoring Authorizations Private companies can monitor their own information systems, other private information systems or Federal information systems with permission, and monitor "information that is stored on,