This article can also be found in the Premium Editorial Download "Information Security magazine: Five actions to prepare for today’s external security threats."
Download it now to read this article plus other related content.
The Cyber Intelligence Sharing and Protection Act (CISPA), a legislation designed to provide the federal government with threat data from private sector firms, is gaining wide support from security and tech companies.
The proposed law, which passed the House in late April, aims to give the government some oversight into protecting critical infrastructure facilities that are owned by private-sector companies. CISPA amends the National Security Act and clears security vendors of any legal ramifications in sharing their customer data with federal officials. The program is voluntary and the hope is that it yields the NSA or the Department of Homeland Security and other agencies with more specific threat data on attacks targeting utilities, chemical rendering companies, manufacturers and other organizations deemed essential to the protection of national security.
Symantec declined a request for an interview, but issued a statement praising the House for passing bill. Cheri McGuire, Symantec vice president for global government affairs and cybersecurity policy noted that another bill passed by the House in April modernizes the Federal Information Security Management Act (FISMA).
“This important legislation will move federal agencies away from an antiquated paper-based security process, to one of continuous security improvements -- thereby increasing the protection of citizen data, advancing IT system efficiencies, and saving taxpayer resources,” McGuire said in the statement. "The combined effect of the bills passed this week is a positive step towards strengthening our nation’s overall cybersecurity posture.”
The other two notable organizations supporting CISPA include the Science Applications International Corporation (SAIC), which works closely with DHS, and Carnegie Mellon University CyLab, which produces cybersecurity research.
The author of the bill, Rep. Mike Rogers (R-Mich.), said the bill’s passage was due to a number of additions to the legislation addressing concerns by critics about how the threat data can be used and how long the federal government can retain the data. There is a provision in the bill “encouraging” the private sector to anonymize or minimize the cyberthreat information it voluntarily shares with others, including the government. It also says the threat data cannot be used by the federal government for a regulatory purpose and prohibits the federal government from searching the information for any other purpose than for the protection of U.S. national security.
Unlike the concern and opposition to the Stop Online Piracy Act (SOPA), CISPA’s opponents are fewer in number. The Electronic Frontier Foundation is leading the opposition to CISPA, saying the bill reduces online privacy by giving security firms the ability to give potentially personal information to the government with little oversight.
Among the bill’s biggest opponent is the White House. The Obama administration has threatened to veto the legislation if it passes the Senate.
In a statement issued to reporters, Mozilla voiced its opposition to CISPA, stating that the bill has “broad and alarming reach that goes far beyond Internet security.” Opponents of the bill say that although the program is voluntary, no portion of the legislation requires the data to be scrubbed for anonymity.
“The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse,” Mozilla said in its statement. “We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.”
About the author:
Robert Westervelt is news director of SearchSecurity.com. Send comments on this article to firstname.lastname@example.org
This was first published in May 2012