Feb 10, 2013
The Cyber Intelligence Sharing and Protection act (CISPA) will be reintroduced before the US House next week following a spate of cyber espionage and hacking attacks. Civil liberties advocates have criticized the bill for violating privacy laws.
The House Intelligence Committee’s Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) will attempt to breathe new life into CISPA on Wednesday.
The bill will be identical to the version of CISPA that passed the House last spring, but was defeated on the Senate floor in August mainly because the upper house was hammering out its own cyber security bill.
CISPA would allow for the voluntary sharing of Internet traffic between private companies and the government. The bill is purportedly intended to help the US government, especially the intelligence community, to investigate cyber threats and ensure the security of networks against cyber attack, especially those emanating from countries like China and Iran.
The bill would also allow the federal government to provide classified cyber threat information to private firms, and protect them from legal action in the course of sharing private information.
Opponents of the bill say it would allow companies to hand over a user’s private browsing information to the government, allowing authorities to spy on American citizens rather than simply track down cyber threats.
Fight for the Future, a non-profit group “working to extend the Internet’s power for good,” has already kicked off anonline petition asking voters to call their representatives on the House Intelligence Committee and express their opposition to the bill.
Rogers claimed a recent series of cyber attacks against US banks and newspapers galvanized Congress to once again pass the information sharing bill.
“American businesses are under siege,” the Beltway tech blog The Hill cites Rogers as saying.
“We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats. It is time to stop admiring this problem and deal with it immediately,” he continued.
Several leading US papers, including the New York Times, the Wall Street Journal and the Washington post have all recently fallen victim to cyber spying. Following attacks on the Federal Reserve’s website as well as on several US banks, The head of Homeland Security Janet Napolitano warned in January that a “cyber 9/11”, which could cripple critical infrastructure like water, electricity and gas, may happen “imminently”.
“We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” she warned before urging Congress to pass cyber security legislation.
During his first major policy speech on cyber security in October, Defense Secretary Leon Panetta took a similar rhetorical route, warning the United States faced the prospect of “a cyber-Pearl Harbor.”
“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,” Panetta said. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”
Panetta claimed that CISPA fell “victim to legislative and political gridlock, ” urged that the bill should be passed “to safeguard our national security.”
The White House threatened to veto CISPA last year, saying the bill would not protect the nation’s critical infrastructure or guarantee the privacy of consumer information that could be shared by companies.
Despite reticence about CISPA, President Obama is expected to issue an executive order aimed at strengthening US cyber security next week.
The order, which is expected to be released after Obama delivers his State of the Union address on Tuesday, will purportedly set up a voluntary program of cyber security standards for firms operating critical US infrastructure, two former officials briefed on the plan told Bloomberg.
In October, Obama signed a separate directive authorizing the National Security Agency and other military units to take more aggressive action to defeat attacks on the country’s web of government and private computer networks.