SecurityWeek

Lawmakers Expected to Mark Up Cybersecurity Bill in Closed-door Session

House lawmakers are expected to mark up the proposed cybersecurity legislation in a private closed-door session today in preparation for a floor vote next week.

The proposed legislation creates a framework that would allow private sector companies and the federal government to share information on the latest cyber-threats, including classified threats. The bill, if it becomes law, would also provide liability protection to companies that get hacked if they can show they shared information and acted in good faith to protect their infrastructure.

Supporters of the bill have pointed to the wave of denial-of-service attacks against American banks and the high-profile incidents against media companies and other organizations to underscore the seriousness of the threat. Many lawmakers believe the Iranian and Chinese governments are behind some of these incidents.

Cyber-attacks are “the most important national security threat lapping at the shores of the United States,” House Intelligence Committee Chairman Mike Rogers (R-Mich) said Monday during a conference call with reporters.

In light of recent Congressional testimony that claimed cybersecurity has surpassed terrorism as the number one threat to the United States, “information sharing is critically important for the future of cyber-defense capabilities,” Robert Rodriguez, chairman and founder of the Security Innovation Network, told SecurityWeek.

Privacy advocates oppose the bill, which they say would expose individuals' private Internet records, such as bank accounts and emails, to government agencies. The Cyber Intelligence Sharing and Protection Act of 2013 (CISPA) is more or less the exact same version that was introduced last year and passed by the House, but ignored by the Senate. The White House also sided with the privacy advocates, saying the legislation went too far. Many companies that supported CISPA last year have dropped their support this year, including Microsoft, Oracle, Symantec, and Facebook.

CISPA could be used as a “back-door wiretap” to access private information without a proper search warrant, Greg Nojeim, counsel for the Center for Democracy and Technology, said last week.

While it was critical to move quickly to protect the nation’s critical infrastructure and the federal government’s networks, “regulations needs to be crafted smartly with input from both industry and the legislators to avoid not being designed in a vacuum,” Rodriguez said.

In today’s closed-door session, private because classified information may be discussed, committee members will vote on proposed amendments crafted to appease privacy advocates and build more support for the bill. Privacy groups are calling for amendments to restrict the scope and use of information collected under CISPA, such as dropping the provision that would let the government use threat data for general national security purposes.

One such amendment would require companies to remove any information that can be used to identify a specific person unrelated to a cyber threat before the data could be shared. Automated processes can be used to remove personal identifying information, according to the amendment. Another proposed removing some of the national security references to narrow the scope of what kind of data can be shared.

One proposed amendment will add a measure to ensure that shared information is used only to fight cyber-threats and not for marketing.

Stressing that this was not a “surveillance bill,” Rogers said on the call that the NSA or other government agencies will not be able to get data from private networks. “Nothing in this bill does anything to sacrifice your privacy or civil liberties,” Rogers said.

While information sharing is “vital” to cyber defense, the “inherent issue” is the fact that the federal government doesn’t own or control the country’s cyber-infrastructure. An independent and neutral platform for information sharing and collaboration will be necessary. “There needs to be a balance of information sharing where the Federal Government needs to supply data to organizations that own and operate our nation’s critical infrastructures so they can continue to conduct their business safely and securely,” Rodriguez said.

The White House signed an executive order in February aimed at coordinating information sharing between federal agencies and the private sector, but at this point, it’s not clear if this bill has a future, as there is no companion bill making its way through the Senate.
