The Cyber Intelligence Sharing and Protection Act (CISPA), a legislation designed to provide the federal government with threat data from private sector firms, is gaining wide support from security and tech companies.
Symantec and Verisign are two notable security firms that have signaled support of the cybersecurity legislation. Others are members of the Internet Security Alliance (ISA), a multi-sector trade organization that includes AVG and Ratheon. Technology heavyweights Microsoft, IBM, Intel, Oracle, and Facebook also voiced support for the legislation. Supporters mainly praise the bill for fostering information sharing and also eliminating liability for sharing threat data with the government.
The proposed law, which passed the House in late April, aims to give the government some oversight into protecting critical infrastructure facilities that are owned by private-sector companies. CISPA amends the National Security Act and clears security vendors of any legal ramifications in sharing their customer data with federal officials. The program is voluntary and the hope is that it yields the NSA or the Department of Homeland Security and other agencies with more specific threat data on attacks targeting utilities, chemical rendering companies, manufacturers and other organizations deemed essential to the protection of national security.
Symantec declined a request for an interview, but issued a statement praising the House for passing bill. Cheri McGuire, Symantec vice president for global government affairs and cybersecurity policy noted that another bill passed by the House in April modernizes the Federal Information Security Management Act (FISMA).
“This important legislation will move federal agencies away from an antiquated paper-based security process, to one of continuous security improvements -- thereby increasing the protection of citizen data, advancing IT system efficiencies, and saving taxpayer resources,” McGuire said in the statement. "The combined effect of the bills passed this week is a positive step towards strengthening our nation’s overall cybersecurity posture.”
The other two notable organizations supporting CISPA include the Science Applications International Corporation (SAIC), which works closely with DHS, and Carnegie Mellon University CyLab, which produces cybersecurity research.
The author of the bill, Rep. Mike Rogers (R-Mich.), said the bill’s passage was due to a number of additions to the legislation addressing concerns by critics about how the threat data can be used and how long the federal government can retain the data. There is a provision in the bill “encouraging” the private sector to anonymize or minimize the cyberthreat information it voluntarily shares with others, including the government. It also says the threat data cannot be used by the federal government for a regulatory purpose and prohibits the federal government from searching the information for any other purpose than for the protection of U.S. national security.
Unlike the concern and opposition to the Stop Online Piracy Act (SOPA), CISPA’s opponents are fewer in number. The Electronic Frontier Foundation is leading the opposition to CISPA, saying the bill reduces online privacy by giving security firms the ability to give potentially personal information to the government with little oversight.
Among the bill’s biggest opponent is the White House. The Obama administration has threatened to veto the legislation if it passes the Senate.
In a statement issued to reporters, Mozilla voiced its opposition to CISPA, stating that the bill has “broad and alarming reach that goes far beyond Internet security.” Opponents of the bill say that although the program is voluntary, no portion of the legislation requires the data to be scrubbed for anonymity.
“The bill infringes on our privacy, includes vague definitions of cybersecurity, and grants immunities to companies and government that are too broad around information misuse,” Mozilla said in its statement. “We hope the Senate takes the time to fully and openly consider these issues with stakeholder input before moving forward with this legislation.”
About the author:
Robert Westervelt is news director of SearchSecurity.com. Send comments on this article to firstname.lastname@example.org
Dig Deeper on Information security laws, investigations and ethics
IoT Cybersecurity Improvement Act calls for deployment standards
How encryption legislation could affect enterprises
Government cybersecurity flounders as cybersecurity bills pass House
Information sharing key to security, say European experts