The Hill reports Rep. Dutch Ruppersberger (D-MD), the ranking member of the House Intelligence Committee, plans to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA), with the committee’s chairman Rep. Mike Rogers (R-MI) this year. CISPA passed the House in 2012 despite significant organized opposition from privacy advocates, but was not considered by the Senate as it focused on its own cybersecurity proposal — one which also stalled, leading to reports the White House plans to issue a cybersecurity executive order calling for the creation of a voluntary program including minimum safety standards in critical infrastructure sectors.
CISPA proposed making information sharing between private companies and the intelligence agencies easier in order to allow collaborative responses to cyberattacks, likely at the expense of internet users’ privacy. While the bill enjoyed the support of many major companies including Facebook, Microsoft, IBM, Oracle, Symantec, AT&T and Verizon, civil liberties organizations expressed major doubts about the proposal and continue to do so. In a comment about renewed interest in CISPA to ThinkProgress today, Gregory T. Nojeim, Director of the Project on Freedom, Security & Technology at the Center for Democracy & Technology said:
“CISPA is deeply flawed. Under a broad cybersecurity umbrella, it permits companies to share user communications directly with the super secret National Security Agency and permits the NSA to use that information for non-cybersecurity reasons. This risks turning the cybersecurity program into a back door intelligence surveillance program run by a military entity with little transparency or public accountability. Members should seriously consider whether CISPA — which inflamed grassroots activists last year and was under a veto threat for these and other flaws — is the right place to start.”
The White House is expected to release a cybersecurity executive order after the State of the Union, although rumors of its imminence have been floating around since September. Nojeim noted that last year there were reasons to be optimistic about the cybersecurity executive order when rumors of it first emerged — including the White House’s threat to veto CISPA.
The executive order wouldn’t be the first foray into cybersecurity for President Obama: He signed a secret directive that redefined some cybersecurity actions previously deemed offensive as defensive in October as part of an effort to enable military personal to be more proactive in thwarting cyberattacks. The move occurred around the same time Secretary of Defense Leon Panetta warned of an impending “cyber-Pearl Harbor.”
The threat of cyber attacks on public and private infrastructure is very real, as demonstrated by the huge jump in incidents involving critical infrastructure requiring the involvement of U.S. Industrial Control System Cyber Emergency Response Team jumping from 9 in 2009 to 198 in 2011.