Cybersecurity News Round-Up: 4/27/12
Dubbed “Cyber Week” in Washington, the House took on a series of cybersecurity bills this week, with the Cyber Intelligence Sharing and Protection Act (CISPA) causing debates on and off of the Hill.
After a number of hearings, amendments, letters of support and calls to Congress to boot the bill, CISPA passed in the House Thursday evening on a 248-168 vote, with the bill’s cosponsors, Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.), commending their colleagues for the bipartisan effort and calling on the Senate to quickly pass the legislation.
“The bill gives the federal government new authority to share classified cyber threat information with approved American companies and knocks down barriers to cyber threat information sharing,” the congressmen said in a statement after the bill’s passage. “With strong provisions built in to keep individual American’s private information private, the bill allows U.S. businesses to better protect their own networks and their corporate customers from hackers looking to steal intellectual property.”
But critics were not convinced that CISPA would actually keep “private information private,” raising concerns over what they said were vague descriptions of how information would be shared without jeopardizing consumer privacy.
Leading the pack of privacy hawks, the White House Office of Management and Budget (OMB) on Wednesday released a statement asserting that the bill “would allow broad sharing of information with governmental entities without establishing requirements for both industry and the Government to minimize and protect personally identifiable information.”
The OMB’s memo went on to warn that if CISPA “were presented to the President, his senior advisors would recommend that he veto the bill.”
Taking a similar side, in a separate letter to House representatives, 23 privacy interest groups came together to express their “grave concerns” for the bill, which they said would “allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.”
Meanwhile, the bill did manage to muster support from a few heavy-hitters, including Facebook, which sent a letter to Reps. Rogers and Ruppersberger, suggesting that CISPA “addresses critical needs in cybersecurity” and would “enhance the ability of companies like Facebook to address cyber threats.”
Likewise, in a letter from the Business Roundtable, written by the organization’s chairman, Ajay Banga, president and CEO of MasterCard Worldwide, CISPA gained more support, as the group said the bill “represents an important step in creating a framework for the effective sharing of cybersecurity information.”
“There should be no Republican approach or Democratic approach to cybersecurity – these threats demand bipartisan, consensus-driven solutions,” Banga wrote in the letter to House leaders. “Urgent action is needed to establish a framework that responds to current and future cybersecurity threats.”
CISPA now heads to the Senate, where it is sure to face a few more hurdles, as it vies for attention against more comprehensive cyber bills like the Cybersecurity Act of 2012 and the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology (SECURE IT) Act of 2012.
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also founder of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.