-
Legislation to encourage sharing of information about cyber threats among companies and the government has won the backing of a technology trade group.
April 12 -
Rep. Marsha Blackburn introduced legislation to strengthen the nation's safeguards against cyberattacks while a House panel passed a measure to promote sharing of information about cyber threats.
April 11
The House of Representatives on Wednesday is expected to pass controversial legislation that aims to deter cyberattacks.
The measure, the Cyber Intelligence Sharing and Protection Act, or CISPA, would allow U.S. intelligence agencies to share information about cyber threats with owners of financial networks, utilities, telecommunications networks and other critical infrastructure in real time.
The bill also would immunize companies that share information about cyber threats from liability under antitrust and privacy laws that many companies say currently deter them from exchanging such data.
A similar measure passed the House last spring by a vote of 248 to 168, although efforts to pass cybersecurity legislation later stalled in the Senate.
CISPA's critics, including the American Civil Liberties Association and the Electronic Frontier Foundation, charge that it lacks sufficient privacy protections and would allow companies to share information with the National Security Agency without first having to remove people's personal information. Critics add that the bill should direct companies to share information with the Department of Homeland Security, a civilian agency.
A
An array of
"Enactment of this bill would give [the Financial Services — Information Sharing and Analysis Center] increased access to and a greater ability to share timely and actionable threat information with its private sector members and the government in an effort to protect networks, systems and data," the ABA, the Financial Services Roundtable and five other trade groups
The White House on Tuesday threatened to veto CISPA, saying its privacy protections need to be tightened further. The administration "remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities," according to a
The administration, which agreed with CISPA's critics that information about cyber threats "should enter the government" via the Department of Homeland Security," added the administration "stands ready to work" with Congress to pass legislation that strengthens the nation's cyber defenses.
The legislative push follows a series of
On April 10, the House Intelligence Committee passed CISPA by a vote of 18 to 2 after adopting a series of amendments that supporters say address privacy concerns, including one that Rogers and Ruppersberger say limits the government's use of information it receives from companies. The committee made "changes to this legislation at every step in the process…to address privacy and civil liberties concerns," the panel wrote in its
Still, the changes did not assuage some legislators. "We need to ensure that companies aren't sharing their customers' personal information," Rep. Adam Schiff, D-Calif., who along with Rep. Jan Schakowsky, D-Ill., opposed the measure,
Late Tuesday, the House Rules Committee rebuffed an amendment by Schiff and Schakowsky that would have sought a vote by the House on whether companies should be required to take "reasonable steps" to remove personal information from cyber threat data before sharing it with the government, the Hill
For its part, the Senate has cybersecurity measures of its own. In February, Commerce Committee Chairman Jay Rockefeller, D-W.Va., Intelligence Committee Chairman Dianne Feinstein, D-Calif., and Homeland Security Chairman Tom Carper, D-Del., introduced a bill that also aims to reinforce defenses against digital threats. Rockefeller has called passing legislation this year to address cyber threats
