Like it or not, controversial CISPA cybersecurity bill is back
Two members of the House Intelligence Committee on Feb. 13 reintroduced their controversial Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House of Representatives last year but failed to make it through the Senate.
House Intelligence Committee Chairman Rep. Mike Rogers (R-Mich.) and the committee's ranking member Rep. C.A. Dutch Ruppersberger (D-Md.) said that they believe that the nation's cyber defenses would be best improved through legislation, not White House executive order, and that's the reason they want to try a second time to get their bill through both houses of Congress.
The bill failed last year in part because it faced strong opposition from civil liberties groups on the grounds that it did not carry strong enough privacy measures.
Noting the high cost of cyberattacks to the U.S. economy and to national security, stronger measures are needed to "enable American companies to defend themselves against these devastating cyberattacks," Ruppersberger said. "Our bill does just that by permitting the voluntary sharing of critical threat intelligence while preserving important civil liberties."
"American businesses are under siege," said Rogers. "We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately. Congress urgently needs to pass our cyber threat information sharing bill to protect our national security, our economy and U.S. jobs.”
On Feb. 12, President Obama signed an executive order, "Improving Critical Infrastructure Cyber Security," that provides intermediate measures to protect critical infrastructure against cyberattacks from foreign and domestic hackers.
The CIPSA sponsors specifically mentioned in a statement accompanying the bill the severity of the cyberattack threat that Chinese and Iranian hackers pose to the U.S. economy and its businesses.
The intent of CISPA is to enable the private sector to share cyber threat information and employ classified information to protect its networks.
CISPA includes statutory provisions designed to enable the federal government to distribute classified cyber threat information to the private sector so that companies can better themselves from advanced cyber threats.
The legislation also empowers American U.S. businesses to share anonymous cyber threat information with others in the private sector and enables the private sector to share information with the government on a purely voluntary basis.
In addition, CISPA furnishes liability protection for companies that choose to protect their own networks or share threat information--a measure that the president's executive order is unable to provide from a legal standpoint, according to legal experts.
The bill's sponsors point to the strong privacy protections this version includes, such as strict restrictions on how the government may use data voluntarily shared by the private sector, right of indivdiuals to sue government in federal court for violations of the bill’s privacy restriction and the creation of an independent intelligence community inspector general to conduct a detailed review of the government’s use of any information voluntarily shared by the private sector.
Furthermore, the bill includes a provision that would sunset its authorities in five years, requiring Congress to carefully review the use of the authorities provided under the legislation to determine whether they should be extended or modified.