Will Cybersecurity Bill Make it Through Congress This Time?
The controversial Cyber Intelligence Sharing and Protection Act resurfaces in light of recent hacking incidents, but will it be able to garner the support it needs to be signed into law?
We are in a cyber war, say many national security officials and tech experts, and something must be done. Perhaps a law that would let companies share information about security breaches and suspicious activity on their networks with the government, and vice versa? Some in Congress and some associations agree.
Earlier this month, we reported on hacking incidents involving The New York Times and the Wall Street Journal, in which employee passwords, company data, and reporters’ home computers were affected. Now, a controversial bill that was first introduced a couple of years ago, the Cyber Intelligence Sharing and Protection Act (CISPA), is back in the spotlight after President Barack Obama in his State of the Union address urged Congress to pass legislation that would “give our government a greater capacity to secure our networks and deter attacks.”
The backstory: Reps. Mike Rogers (R-MI), chairman of the House Intelligence Committee, and Dutch Ruppersberger (D-MD) first introduced CISPA in late 2011. The House passed it in April 2012, but it went no further. Advocates for internet privacy and freedom, including the Electronic Frontier Foundation and Fight for the Future, criticized the bill for its lack of restrictions on how companies and the government could share user information. The bill’s cosponsors later issued some amendments that won over a previous critic, the Center for Democracy and Technology.
An executive order: Obama on Tuesday signed an executive order, and some think it will help with the passage of the bill this time. The order gives the Department of Homeland Security oversight of a voluntary initiative that would “allow operators of critical infrastructure networks to see classified intelligence on detected threats.” The National Institute of Standards and Technology would work to develop cyber controls for critical business sectors in which national or economic security could be at risk. The hope is that this executive order will create agreement about what the law should be.
Still, businesses and some Republicans express concern that voluntary measures could become mandatory. “The order could open the door to increased regulations that would stifle innovation, burden businesses, and fail to keep pace with evolving cyber threats. Our first priority must be ‘do no harm,’ ” Rep. John McCaul (R-TX), chair of the House Homeland Security Committee, said in a statement.
The new bill: Congress introduced on Wednesday the identical version of the bill presented last year. It not only gives government agencies the ability to share information with companies, but also gives companies the ability to share information with the government. It already has support from CTIA–The Wireless Association and the National Cable and Telecommunications Association (NCTA). “By removing the current legal barriers to information sharing and establishing the appropriate safeguards for the use of such information, the nation’s critical infrastructure owners and operators and others within the internet ecosystem can better protect our national security and economy,” NCTA’s President, Michael Powell, wrote in a letter to the cosponsors.