Lawmakers to Introduce New Version of CISPABill Focuses on Government-Industry Sharing Threat Information
Cybersecurity legislation that cleared the House of Representatives last year, and that President Obama opposed, will be reintroduced Feb. 13 by the Republican chair and Democratic ranking member of the House Select Committee on Intelligence.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The bill's sponsors, Reps. Mike Rogers, R-Mich., and C.A. Dutch Ruppersberger, D-Md., said in a statement that their measure will be identical to the Cyber Intelligence Sharing and Protection Act that passed the House last April by a 248-168 vote [see With CISPA's Passage, What Next? ].
CISPA, as last year's bill was known, emphasized information sharing between government and industry to identify and mitigate cyberthreats.
The Senate never took up CISPA; instead, it debated the Cybersecurity Act of 2012, a more comprehensive bill that failed to get enough votes to beat back a filibuster [see Senate, Again, Fails to Halt Filibuster].
In addition to provisions to share threat information, the Cybersecurity Act, unlike CISPA, would have created a process for government and business to develop IT security best practices that the mostly privately-owned critical infrastructure providers could voluntarily adopt.
The Cybersecurity Act also would have designated the Department of Homeland Security as the key federal government agency to coordinate non-military, non-defense IT security. Most Republicans have opposed efforts to develop voluntary standards and give DHS more sway over cybersecurity.
Urgent Need for Legislation
Rogers said the recent spike of cyber-attacks against American banks [see DDoS: Are Attacks Really Over?] and media companies [see N.Y. Times' Transparent Hack Response and Twitter, Washington Post Report Cyberattacks] shows U.S. businesses are under siege.
"We need to provide American companies the information they need to better protect their networks from these dangerous cyberthreats," Rogers said. "It is time to stop admiring this problem and deal with it immediately. Congress urgently needs to pass our cyberthreat information sharing bill to protect our national security, our economy, and U.S. jobs."
Ruppersberger said CISPA permits the voluntary sharing of critical threat intelligence while preserving important civil liberties. But opponents of CISPA, including the Obama administration, contend the bill didn't go far enough to protect civil liberties.
Although the White House has been mute about the new proposed legislation, in a Statement of Administration Policy issued last year, the Obama administration argued that CISPA would have altered important provisions of an existing electronic surveillance law without instituting corresponding privacy, confidentiality and civil liberties safeguards [see Obama Threatens to Veto Cybersecurity Bill].
Sponsors of the latest flavor of CISPA dispute contentions that their bill doesn't protect privacy and civil liberties, noting that the measure would permit individuals to sue the government in federal court for violations of the bill's privacy restrictions.
A day after the new version of CISPA is to be introduced, the House intelligence panel is scheduled to hold hearings on the advanced cyberthreats facing the nation. Only representatives of business were scheduled to testify, according to the committee's website as of late Feb. 8. Absent from the witness list are advocates for online privacy and civil liberties.
The scheduled witnesses include former Michigan Gov. John Engler, president of the Business Roundtable [see Arguing Against Voluntary Standards]; Paul Smocer, president of BITS, a financial industry forum focused on technology; Kevin Mandia, chief executive of Mandiant, the advanced threat detection provider that The New York Times, State of South Carolina and other organizations have hired to investigate breaches; and Ken DeFontes, chief executive of Baltimore Gas & Electric.