By Pam Benson
The House Intelligence Committee has overwhelmingly passed a new cybersecurity bill that would enhance data sharing between the government and private industry to protect computer networks and intellectual property from cyber attacks.
By a vote of 18-2, the panel on Wednesday approved the Cyber Intelligence Sharing and Protection Act (CISPA).
The measure sets up a voluntary system for companies to share threat information on their networks with the government in exchange for some liability protections.
The bill also allows the government to share intelligence and other cyber threat information with industry.
A similar bill died in the Senate last year after a number of Republicans argued that proposed cybersecurity standards allowed for too much government regulation.
The White House had threatened to veto that bill over privacy concerns.
The Intelligence Committee revised the legislation this time to address some of those issues.
The proposal strikes a provision that would have allowed law enforcement and other government agencies to use cyber data it receives from companies for broader national security purposes.
The private sector is restricted from using cyber security information for marketing or any other commercial purposes.
Companies would have no legal protection if they hack other companies to retrieve data they believe was stolen from them.
The bill requires the government to establish procedures that would minimize the acquisition and retention of personal information it might receive from a company. These might include addresses and phone numbers, which are not relevant to a cyber threat.
Finally, it would strengthen oversight to ensure civil liberties and privacy are protected.
Committee Chairman Mike Rogers, who co-sponsored the bill with ranking member Dutch Ruppersberger, said it does not create a surveillance program as some critics have charged.
"It does not allow any government agency, the NSA or the CIA, to monitor domestic internet content in any way, shape or form," Rogers said.
"We think we struck the right balance. It's 100 percent voluntary. There are no big mandates in this bill, and industry says under these conditions they think they can share back, and the government can give them information that might protect them," he added.
Rogers said they consulted the White House while drafting the bill, but the Obama administration has not indicated whether it will support it.
A spokeswoman for the National Security Council, Caitlin Hayden. said that while changes made to the bill "reflect a good faith effort to incorporate some of the administration's important substantive concerns ... we do not believe these changes have addressed some outstanding fundamental priorities."
And the changes are not enough to satisfy the concerns of some privacy groups and the two members of the committee who voted against it.
Adam Schiff, D-California, and Jan Schakowsky, D-Illinois, said they will push to amend the bill when its debated on the House floor later this month.
They think it should require companies to remove personal data not associated with cybersecurity before they share information with the government.
And they argue a civil agency like the Department of Homeland Security should be in charge of information sharing with industry. They fear the National Security Agency and the military will have access to American's personal information.
Rogers and Ruppersberger expect the full house will adopt the measure. Then it will be up to the Senate to pass its own version. If that happens, a House-Senate negotiating committee would attempt to hammer out a final bill.
Great site. Plenty of helpful information here. I am sending it to a few pals ans also sharing in delicious. And obviously, thanks to your sweat!
I'm still learning from you, while I'm trying to achieve my goals. I certainly enjoy reading all that is written on your site.Keep the posts coming. I liked it!
I love this line: "The White House had threatened to veto that bill over privacy concerns." I wonder if Obama will appoint the NSA to oversee this program if passed?
I don't believe that even with this newly improved CISPA bill, that it will actually go through seeing as how Obama had threatened to veto this.
Here we go again. Bypass the privacy at to get information.
The Cyber Jobs Report and How You Can Help Transform a Generation
With the dramatic proliferation of computing and communications technologies across the globe, the cyber security industry has experienced unprecedented growth. This growth has created an urgent need for qualified individuals to fill current job openings and to develop the skilled workforce necessary to address the expected dramatic job growth in the future.
Learn more about the open cyber security jobs across the country and discover how your company can play a crucial role in preparing the future workforce that you will be hiring.
Register for this complementary 15 minute webinar and join the conversation on Tuesday, April 23rd at 11:30am EST (seating is limited for this webinar): http://www.lifejourney.us/lj/cjwebinar.html
Can’t make Tuesday, April 23rd? Check out other upcoming session dates.
I hope you and your team are able to join the webinar and feel free to forward this invite to others who may be interested.
Meh... The government and private industry already work hand in hand. However private industry gains nothing from it, and the govt can't do anything to protect them. This bill will allow private industry to work with the government in exchange for certain protections.
Anyone who thinks this is SOPA or any other privacy concern related bill needs to reread it.
Additionally the PII (Personally identifiable Information) that would be provided to the government would allow them to track those who would steal and abuse that information outside the US. So removing that information (which would be voluntarily provided anyways!) would pretty much negate any input the government would have.
I know. I work in one of the governments information security areas.
No citizens want this bill. Expect SOPA-level action against it in the next few days. http://www.saveyourprivacypolicy.org
Ok, seeing how you didn't even read past the first few paragraphs allow me to explain why this isn't SOPA. The bill only allows the private sector to share information if there has been a breech in security. Domestic use, such as what most of the people against SOPA/CISPA are arguing, is not threaten at all. I highly suggest re-reading the article again to make sure you understand the information laid out there.
Have you read the bill do know what information they will share it does not say...It gives the government access to data what data, how much, the companies also get no repercussions for misuse.
I agree with the comment "Cyber security, in today's world, is something we must take more seriously. Making anything ‘voluntary’ is worthless! Corporate America will not participate in any voluntary program".
I think that it should be a requirement to protect or remove sensitive personal data before sharing information with the government. The payment card industry successfully implemented a similar approach. The technology is available.
Ulf Mattsson, CTO Protegrity
OBAMA IS VERY VERY VERY VERY AFRAID HE HAS BENT OVER BACKWARDS AT THE ORDER OF THE MILITARY (HIMSELF) TO CENSOR STALK SPY STEAL JAIL RUIN ANYONE AND CERTIANLY EVERYONE HE IS AFRAID OF THIS IS WHY HE HURTS PEOPLE BECAUSE HE IS DEEPLY AND PERFECTLY FLAWED–HAS ANYONE FROM COLUMBIA EVER SEEN HIS TRANSCRIPT–NOPE
LOL...that makes absolutely NO sense at all whatsoever.
It does kind of makes sense in a Palinistic sort of way.
Another boondoggle approach! Politicians just don't get it! Cyber security, in today's world, is something we must take more seriously. Making anything "voluntary" is worthless! Corporate America will not participate in any voluntary program. Worse yet is assigning this to the worthless Dept. of Homeland Security!
It sounds like a man of ill repute saying to a woman getting undressed "go ahead I won't peek".