Cyber security proposal changed to meet White House privacy concerns
December 1st, 2011
11:39 PM ET

Cyber security proposal changed to meet White House privacy concerns

By Pam Benson, CNN Senior National Security Producer

The House Intelligence Committee made some revisions in its cyber security bill Thursday to address privacy concerns raised by the White House.

The legislation is designed to improve information sharing between the federal government and private industry in an effort to better protect American businesses computer systems from cyber attacks.

It enables the government to provide classified information to the private sector and removes some of the legal barriers that discouraged private companies from sharing threat information with other companies and the government.

The White House had raised concerns about whether the original proposal announced Wednesday would sufficiently protect personal information and privacy.

National Security Council spokeswoman Caitlin Hayden said in a statement Wednesday night that "the Administration will not support anything that does not include a customized set of requirements for privacy protection."

The Intelligence Committee amended the bill Thursday to include a provision that lists restrictions on the government's use of cyber threat information it receives from private industry. The information can only be used by the feds to protect national security and/or for a cybersecurity purpose.

The private sector is neither required to share cyber threat information with the government nor must it do so to receive cyber intelligence from the government.

A second amendment calls on the Inspector General of the intelligence community to provide an annual report to Congress assessing the type of cyber threat information the government received from industry, how it was used and what actions were taken by the government in response to the threat.

"We have added a narrow threshold for what kind of information can be shared between the government and private sector, as well as a critical Inspector General report requirement," Committee Ranking Member Dutch Ruppersberger said in a statement.

Committee Chairman Mike Rogers said businesses are suffering losses due to cyber intrusions.

"This bill addresses the urgent need to help our private sector better defend itself from these insidious attacks," he said.

Hayden said the White House is reviewing the changes in the bill to see if they adequately address the concerns raised by the administration.

Post by:
Filed under: Congress • Intelligence
soundoff (4 Responses)
  1. Larry Bunch

    My entire article can be found at : http://mysite.verizon.net/vze18ez5m/ :
    In my opinion the USG does not realize that it is wasting a vast pool of talented Intel and CND personnel that currently working the Private sector. The USG needs to exploit (for lack of a better term) this vast talent pool. This need to be done in order to better serve the American public and defend our National Security interest. This will require extensive interaction and coordination on all levels from the Federal Government to the “Ma and Pa” small business. It would also require extensive coordination within multiple Law Enforcement/Counterintelligence (LE/CI) agencies from Federal, State, and Local governments as well. We really need to start looking at both; Private and Public sectors holistically (as the same). We can no longer afford to stand back “individually” as organizations’ with an reactive I will defend “what’s mine” or, a reactive approach to Information Security].

    1. Maintain US control and ownership and control of the internet
    2. The USG and USBUS need to take a “holistic” view to Cyber Security. We need to take a less “individualized” view of Cyber Security and look at as a “whole”.
    3. The United States needs to a Machiavellian approach CND and Cyber Operations
    4. We must consider every organization from the smallest USBUS that has an internet presence, to the largest USGA as integral part of our critical infrastructure and national security.
    5. Advertise and expand upon the US-CERTs role
    6. Establish a “National Cyber Security Think Tank”. I believe that we should create a National Cyber Security Think Tank (NCSTT) would act as a national clearing house to provide Cyber Security guidance and recommendations and solutions to every segment of the American population. This body would merely take in information and make educated and feasible recommendations based on current intelligence, new and emerging threats, and best practices in order to guide lawmakers in constructing new legislation. The “National Cyber Security Think Tank” (NCSTT) should be an independent body that is fully taxpayer funded and would fall jointly underneath the US Executive and Legislative branches of government. (I say taxpayer funded in order to protect the ethics and integrity of it members and keep them from being lobbied or influenced by an entity exercising influence or, seeking personal gain through manipulation. Other recommendations of “NCSTT”:

    • (independent from DHS, DoD, FBI, CIA, NSA etc. But contain members from each)
    • Would not just be composed exclusively from executive leadership (Private and Public sectors)
    • Would have minimum membership requirements and rotate personnel on a regular basis (3-4 yrs)
    • Members would serve by a combined election/nomination process
    • It would be evenly comprised with individuals who come from both Private and Public sectors to include representatives from:
    o Legal
    o Technical
    o Policy
    o Managerial
    o executive.
    • Make Cyber-Security recommendations to the American public as a whole.
    o It should contain multiple USGA members such as DHS, DoD, FBI, CIA, NSA etc.
    o It should also contain members from fortune 500 companies
    o US Small Business owners
    o Members of Academia
    o Be partnered with NIST
    o Security Groups i.e. SANS, ISC2, ECCouncil

    7. The US needs to view ALL US based information Systems that have been attacked or compromised as being a national IT asset
    8. Draft and pass legislation that will allow for easier rules for the US Public and “Private Sectors “ to establish and maintain collaborative Information Sharing efforts in both CND, and Cyber Intelligence.
    9. USIC should work with USBUSs’ in order to establish a Cyber “Most Wanted” list of IP addresses, file hashes etc. Provide guidance to USBUS that provides reports suspicious activity on their networks.
    10. Have “No Fear” in taking retaliatory actions when there is a preponderance of evidence.
    11. Be more aggressive in “Red Team” and CNA operations in both Public and Private sectors and collaborate on Targets of Opportunity and Interest.
    12. Allow for the formation of “Patriotic Hacking” teams that have guidance and direction (handlers)
    13. Seek out youth while in High School or, College who have demonstrated Cyber “ninja” skills and utilize those skills for doing good.
    14. The USG must develop a required minimum system security baseline requirements program for all USBUSs’
    15. USBUS should be required to adhere to and implement a nationally uniform Certification and Accreditation (C&A) process
    16. USG needs to Develop a Cyber Security educational assistance program implemented via the Small Business Administration (SBA) for less tech-savvy small business owner
    17. Above all, the privacy of the citizen/customer must be protected at all times by all parties. It is imperative for USGA’s and USBUS’s to establish ‘trust relationships’ and information sharing agreements. Our adversaries have been kicking down our doors for years now. We all realize that almost all systems are somehow inter-connected today and need to be secured and defended.

    [Comment: Let’s all stop for a moment and reflect on our past: World War II and the “Greatest Generation” and examine a few of the things that have made America great. The main one was (in my opinion) our ability to work together with a unified goal against a common foe. During this period Government, Industry, and the private citizens found ways to work together. Yes, this is a different era. However, I still believe in that cooperative spirit].

    We are currently moving in the right direction however, there is much more work to be done. Now, is the time for the US to be Unified and resolute in defending our National Security interest on the Cyber front. With a unified and cooperative approach from the US Government and US Private Sector organizations working together for the Common Defense. Yes, these suggestions are daunting and perhaps extreme. However, in considering how much we have already lost. Can we afford to lose much more? Drastic times, call for drastic measures. Now is the time to take a stand!! Before we slip into obscurity of insignificance in the global arena.

    December 12, 2011 at 12:50 pm | Reply
  2. Howard

    JEWS SUPPORTING OBAMA ARE LIKE KAPOS

    The kapos in the concentration camps were Jews
    who turned on their fellow Jews, in exchange for
    special favors. Obama and his administration, have
    consistently thrown Isreal under the bus, while
    campaigning for contributions from wealthy American
    Jews. The kapos were motivated by sheer survival,
    the American Jews who support obama,
    are motivated by greed, power,
    and what's fashionable ... even though they are being
    used like pawns by obama. All Jews should rally their
    support, and resources behind whoever runs against
    obama !!!

    December 3, 2011 at 12:44 pm | Reply
  3. 20th Stryker Soldier

    There are terrorists all over. International. Domestic. Whatever.

    However, we have technologies that can track potential terrorists. Just think if we can use cellphones, I pads, I pods, PCs, autombilie computers and such to locate the bad guys. We could then retrain the VIPER squads to execute raid assault operations. It is the only way.

    December 2, 2011 at 2:18 pm | Reply
  4. michaelfury

    http://michaelfury.wordpress.com/2010/09/10/ghosts-in-the-machine/

    December 2, 2011 at 9:59 am | Reply

Post a comment


 

CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.