The U.S. House of Representatives voted to pass the Cyber Intelligence Sharing and Protection Act (CISPA), a measure that would ease information sharing among chemical firms and other companies with facilities that are vulnerable to cyberattacks. The bill has been met with much controversy: President Obama has threatened a veto and the Senate has been circulating a different bill aimed at cybersecurity, although no vote has been held in that chamber.
Sponsored by Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), CISPA would give businesses and the federal government legal protection to share information about cyberthreats with each other. Currently, the government does not share this data because the information is classified and companies fear violating antitrust law. The bill would remove legal barriers, making it easier for chemical firms, and other businesses, to do so.
“The intelligence community has the ability to detect these cyberthreats, these malicious codes and viruses, before they are able to attack our networks,” says Ruppersberger. “But right now, federal law prohibits our intelligence community from sharing classified cyberthreats with the companies that will protect us, that control the networks
— the AT&Ts, the Verizons, the Comcasts
— those groups."
— the AT&Ts, the Verizons, the Comcasts
— those groups."
“We have the ability to give them information to protects us, yet we have to pass a law to do that,” the Congressman added.
The Obama administration threatened a veto and privacy and civil liberties groups claim that, under CISPA, what is defined as consumer data and permitted to be shared is overly broad. The bill’s authors have added amendments to appease concerns, such as limiting the federal government’s use of private information and restricting which cyberthreat data can be shared. The Obama Administration is also seeking regulatory mandates for critical infrastructure providers, which are not contained in CISPA.
CISPA is one of four cybersecurity bills being considered. The others are the Federal Information Security Amendments Act, the Cybersecurity Enhancement Act and the Advancing America’s Networking and Information Technology Research and Development Act.