Bill Overview
Title: Cryptocurrency Cybersecurity Information Sharing Act
Description: This bill revises the Cybersecurity Information Sharing Act of 2015 to include cryptocurrency companies and insurance providers that insure against cybersecurity threats. The act allows companies to share information regarding cybersecurity threats with the federal government and with one another. The Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency must set forth procedures for these companies to provide notice to the federal government of such threats.
Sponsors: Sen. Blackburn, Marsha [R-TN]
Target Audience
Population: People working in the cryptocurrency and cybersecurity insurance industries
Estimated Size: 30000
- The bill targets companies in the cryptocurrency sector and those that provide insurance against cybersecurity threats.
- The increased collaboration and information sharing between these companies and the government aims to strengthen cybersecurity infrastructure.
- The bill may increase operational requirements and compliance costs for the companies involved in the cryptocurrency sector and cybersecurity insurance.
- It affects companies globally as cryptocurrency and cyber threats do not recognize borders.
Reasoning
- The policy is designed to enhance cybersecurity through better information sharing. While this could improve infrastructure security, it may also impose additional costs or operational changes on companies involved, particularly in the cryptocurrency and cybersecurity insurance sectors.
- Given the implementation costs and budget, direct impacts might focus especially on companies within the US that are key to the cryptocurrency market and cybersecurity efforts.
- The long-term benefits may include a reduction in cybersecurity threats due to increased collaboration and information sharing; however, these effects might not be immediately apparent and could vary significantly between different stakeholders.
- The cost to the companies may be offset by faster response times to threats and potentially lower insurability risks. Still, throughout the transition, there might be individual variability in experience and perception.
Simulated Interviews
Cryptocurrency Exchange Developer (San Francisco, CA)
Age: 34 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 4/20
Statement of Opinion:
- I think it's crucial for the industry to work more closely on security issues given how quickly threats can evolve.
- It's slightly concerning thinking about the added compliance workload, but overall, enhancing security is a priority for us.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Cybersecurity Consultant (Austin, TX)
Age: 29 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- There might be more business opportunities for consultants like myself with the new regulations, which can be positive.
- Implementing effective sharing mechanisms will be key to the success of this policy.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Insurance Underwriter (New York, NY)
Age: 42 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- This policy might drive improved risk metrics for our products with better threat information availability.
- There is a potential for more regulatory oversight, which we must prepare for.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Government Cybersecurity Advisor (Washington, D.C.)
Age: 50 | Gender: male
Wellbeing Before Policy: 9
Duration of Impact: 20.0 years
Commonness: 2/20
Statement of Opinion:
- Such policies are proactive steps towards national cybersecurity.
- The challenge is ensuring that shared data is actionable and timely.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 9 | 9 |
| Year 2 | 9 | 9 |
| Year 3 | 9 | 9 |
| Year 5 | 9 | 9 |
| Year 10 | 10 | 9 |
| Year 20 | 10 | 9 |
Blockchain Developer (Denver, CO)
Age: 27 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 5/20
Statement of Opinion:
- Collaboration across the sector will be vital, but I'm worried about potential bureaucracy slowing things down.
- Security should be a shared responsibility, and this is a step towards that.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Cryptocurrency Exchange CEO (Seattle, WA)
Age: 40 | Gender: male
Wellbeing Before Policy: 5
Duration of Impact: 7.0 years
Commonness: 2/20
Statement of Opinion:
- These changes could increase administrative costs, but enhancing security is beneficial.
- Collaboration with the government will need clear frameworks to protect sensitive business operations.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Cybersecurity Lawyer (Chicago, IL)
Age: 45 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 3/20
Statement of Opinion:
- The evolving legal landscape will increase demand for legal services.
- Ensuring rights during information sharing will be crucial.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Independent Cryptocurrency Investor (Los Angeles, CA)
Age: 31 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 4.0 years
Commonness: 4/20
Statement of Opinion:
- Strengthened cybersecurity is reassuring, but over-regulation could hinder innovation.
- Investors need reliable data, and this act promises to deliver better resources.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Chief Risk Officer (Boston, MA)
Age: 38 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 10.0 years
Commonness: 3/20
Statement of Opinion:
- Better information on threats helps us price premiums more accurately.
- This could reduce overall risk but needs to be balanced against privacy concerns.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 9 | 7 |
| Year 20 | 9 | 8 |
Cryptocurrency Wallet Security Analyst (Phoenix, AZ)
Age: 37 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 6.0 years
Commonness: 5/20
Statement of Opinion:
- I'm optimistic about the policy's intent, but skeptical about execution capability given the rapid pace of innovation.
- Ensuring clear communication channels will be a major goal.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Cost Estimates
Year 1: $100000000 (Low: $50000000, High: $150000000)
Year 2: $105000000 (Low: $52500000, High: $157500000)
Year 3: $110250000 (Low: $55125000, High: $165375000)
Year 5: $121550000 (Low: $60775000, High: $182325000)
Year 10: $149855763 (Low: $74927881, High: $224783645)
Year 100: $613862853 (Low: $306931427, High: $920794279)
Key Considerations
- Coordination and technology required to facilitate information sharing.
- Potential regulatory implications and obligations for companies within and outside of the U.S.
- Balancing privacy concerns with information sharing goals.
- Determining metrics for measuring effectiveness and accountability.