Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
House passes pro-business cybersecurity bill
Friday - 4/19/2013, 6:10am EDT
WASHINGTON (AP) -- Pro-business legislation aimed at helping companies fend off sophisticated foreign hackers sailed through the House on Thursday despite a White House veto threat and an outcry from privacy advocates and civil liberties groups that say it leaves Americans vulnerable to spying by the military.
The House vote, 288-127, puts the spotlight on the Senate, which hasn't taken up the issue and is consumed with other high-profile issues such as gun control and immigration. The lack of enthusiasm in the Senate and objections by the White House mean that the legislation is in limbo despite an aggressive push by lobbyists representing nearly every corner of industry.
But supporters said they were gaining momentum: Despite the White House veto threat 92 Democrats voted for the measure, compared to only 42 for a similar bill last year.
The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend themselves against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.
Hackers haven't been able to deliver crippling blows to the U.S. economy or infrastructure, but they have been able to wreak havoc on some key commercial systems. Most recently several news outlets including the New York Times acknowledged that their systems had been penetrated, while banks are said to be quietly fighting daily intrusions. North Korea was recently held responsible for a cyberattack that shut down tens of thousands of computers and servers at South Korean broadcasters and banks.
The bill, said House Intelligence Committee Chairman Rep. Mike Rogers, R-Mich., strikes "that right balance between our privacy, civil liberties and stopping bad guys in their tracks from ruining what is one-sixth of the U.S. economy."
Under the legislation, businesses and the federal government would be able to share technical data without worrying about anti-trust or classification laws. The bill also would grant businesses legal immunity if hacked so long as they acted in good faith to protect their networks. The bill is sponsored by Rogers and Rep. Dutch Ruppersberger, D-Md., the panel's top Democrat.
But privacy advocates and civil liberties groups say the bill would open up Americans' most private online records to the federal government. The bill doesn't include a requirement that companies scrub data of sensitive information like health or credit records before sharing it with the government.
In its veto threat issued Tuesday, the White House echoed that concern.
"Citizens have a right to know that corporations will be held accountable -- and not granted immunity -- for failing to safeguard personal information adequately," the White House stated.
Rep. Adam Schiff, D-Calif., had tried to amend the bill to require companies to strip any data of personally identifiable information before sharing it with the government. But Republicans blocked his proposal from being debated on the floor because they said tough mandates might deter companies from participating.
Business groups say the privacy concern is overblown.
"When it comes to sharing, there are practical, business reasons why companies carefully protect" sensitive information, Tim Molino with the Business Software Alliance recently wrote in an online post urging lawmakers to pass the bill.
"At the end of the day, personal information is customer information, and maintaining trust with customers is a core business imperative," Molino added.
Privacy groups also objected to the bill because they said it would give the National Security Agency a front-row seat in analyzing data from private computer networks. The bill doesn't address the NSA's role specifically, but it's presumed that the military intelligence agency would have a central role in the data-sharing program because of its technical expertise in tracking foreign-based hackers.
Democratic Rep. Jan Schakowsky of Illinois had tried to amend the bill to prohibit the military from collecting threat data directly from industry. But that proposal also was blocked from floor debate amid GOP objections. Still facing a veto threat, Rep. Michael McCaul, R-Texas, worked with Democrats on a measure that would ensure that companies go first through the Department of Homeland Security. While that proposal was adopted, the American Civil Liberties Group and others still were not satisfied.
"Cybersecurity can be done without sacrificing Americans' privacy online," Michelle Richardson, an ACLU legislative counsel, said after the vote.
A similar version of the bill passed the House a year ago by a 248-168 vote. But that bill also had prompted a veto threat and never gained traction in the Senate.
Rep. Steny Hoyer, D-Md., voted against the bill last year but supported it this year, saying the latest version "represents a significant improvement." The second-ranking House Democrat said more work needed to be done to ensure that personally identifiable information is removed during cyberintelligence sharing, but praised the move to put the Department of Homeland Security, rather than military agencies, in charge of receiving the information.