Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Whitepapers

White House Threatens CISPA Veto

The Obama Administration remains committed to the need for cyber-security legislation that establishes a mechanism for sharing cyber-threat-related data, but the current House bill making its way through the House of Representatives is not the answer, according to a strongly worded White House memo.

The Obama Administration remains committed to the need for cyber-security legislation that establishes a mechanism for sharing cyber-threat-related data, but the current House bill making its way through the House of Representatives is not the answer, according to a strongly worded White House memo.

Last week, the House Intelligence Committee marked up the Cyber-Intelligence Sharing and Protection Act (CISPA) in a closed session. The bill originally passed the House last year, but languished due to privacy concerns. The bill was re-introduced in February to the new session and privacy advocates and Internet rights organizations have criticized the bill as being too broad and vague.

CISPA Revisions 

“If the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill,” according to the “Statement of Administration Policy” memo issued by the White House Office of Management and Budget on Tuesday.

Information sharing is still an important objective for the Obama Administration. Both the government and private companies need to be able to share cyber-threat information so that they can identify, prevent, and respond to malicious activity that can disrupt networks and potentially damage critical infrastructure, according to the memo.

While the committee adopted several amendments to address some of the privacy issues, “the Administration still seeks additional improvements,” the OMB wrote.

“While it is important to take security of the critical infrastructure seriously, it is equally important to emphasize the need to establish effective security standards and baselines, otherwise the thousands of interconnected entities making up the grid will be left to guess at how to best protect their respective sections; we all know that when it comes to cybersecurity, guessing is not much of a strategy,” Lila Kee, Chief Product and Marketing Officer of GlobalSign and NAESB board member told SecurityWeek.

Advertisement. Scroll to continue reading.

The final legislation needs to “adhere” to three priorities in order to achieve its goals, OMB suggested. First of all, the bill needs to have provisions to carefully safeguard privacy and civil liberties. The bill is moving towards the right track, as it “appropriately requires the Federal Government to protect privacy when handling cybersecurity information,” the memo said.

While the proposed bill no longer has the broad national security exemption, which means the government has to comply with restrictions on how the information could be used, it does not require businesses to remove “irrelevant personal information” when sending cyber-security data to the government or to other companies. Such measures can be crafted in a way that is not “overly onerous or cost prohibitive,” according to the memo.

“I encourage private industry, government and independent agencies to cooperate to solve cybersecurity problems,” Kee said.

Secondly, the legislation needs to preserve the long-standing, respective roles and missions of civilian and intelligence agencies, and finally, the organizations sharing information needs to have targeted liability protections. The bill’s “broad scope of liability limitations” is worrying, because even if the organizations didn’t have malicious intent, the law should not protect companies who did not take “reasonable measures,” according to the memo.

“Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately,” according to the OMB.

RelatedObama Releases National Strategy for Information Sharing

RelatedDepartment of Defense Expands Information Sharing Initiative

RelatedTaking the Blinders Off – The Value of Collective Intelligence

RelatedCombating Emerging Threats Through Security Collaboration

 

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Jazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.

AJ Shipley has been appointed Chief Product Officer at CrowdStrike.

Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.