Lawmakers reintroduce cyberthreat information-sharing bill
Some privacy and civil liberties groups say that CISPA still allows companies to share too much privacy information
IDG News Service - Two U.S. lawmakers have reintroduced a controversial cyberthreat information-sharing bill over the objections of some privacy advocates and digital rights groups.
As promised, Representatives Mike Rogers, a Michigan Republican, and C.A. "Dutch" Ruppersberger, a Maryland Democrat, have reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), a bill that would allow private companies to share a wide range of cyberthreat information with U.S. government agencies.
New legislation is needed to protect the U.S. from cyberattacks coming from Iran and other countries, said Rogers, chairman of the House of Representatives Intelligence Committee. Cyberattacks have "exploded into what is an epidemic," he said during a briefing on the bill. "We are in a cyberwar -- most Americans don't know it, most folks in the world probably don't know it -- and at this point, we're losing."
The bill can help U.S. agencies and businesses address their toughest cybersecurity problems, Rogers said. "It's not a surveillance program, it's in real time, at the speed of light, exchanging zeros and ones when it comes to malicious software to catch it and stop it," he said.
Several privacy and digital rights groups have said the bill allows companies to share too much private information with government agencies, without sufficient oversight. The U.S. House of Representatives passed CISPA last April, but the legislation failed to advance in the Senate after the White House threatened a veto over privacy concerns.
The privacy protections in the new bill are "woefully inadequate," Sharon Bradford Franklin, senior policy counsel at civil liberties group the Constitution Project, said in an email. "If passed in its current form, it would allow companies that hold sensitive personal information to share it with the federal government, including with agencies that have a history of domestic spying, which could then potentially use the information for purposes totally unrelated to cybersecurity," she added..
Rogers and Ruppersberger said they've addressed privacy concerns in the new bill, although several privacy groups still voiced opposition to CISPA. The lawmakers have worked with privacy groups and will work with the White House as the bill moves forward, Ruppersberger said.
The two sponsors engaged in "lengthy negotiations" on privacy concerns, Ruppersberger said. The new bill has narrowed the definition of information that can be shared and sets strict restrictions on the government's use and searching of the data, the sponsors said.
The two lawmakers introduced CISPA a day after President Barack Obama signed an executive order focused on allowing federal agencies to share cyberthreat information with U.S. businesses and on creating voluntary cybersecurity standards for operators of critical infrastructure.
The bill is needed in addition to the executive order to enable wider sharing of cyberthreat information than the order allows, Rogers said. While Obama's order allows federal agencies to share cyberthreat information with companies, the bill would allow agencies to share classified information and would allow U.S. businesses to share cyberthreat information with each other and with government agencies.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts