The return of CISPA
President Barack Obama took the cybersecurity spotlight on Feb. 12 by signing a long-anticipated executive order, but there was another development the next day: Two lawmakers reintroduced the controversial Cyber Intelligence Sharing and Protection Act in the House, declaring the door once again open to passing cybersecurity laws.
"This is our chance, we believe, to prep ourselves to allow the private sector to defend itself," said Rep. Mike Rogers (R-Mich.), one of the original CISPA backers. The EO represents "a bit of a tone change. We think now we're in a better place to work with the White House to find some common ground as this bill moves [ahead]. And by elevating it, it gets better attention in the Senate as well. The executive order takes a little pressure off the Senate's insistence on infrastructure rules and regulations, so we think all of that combined increases our opportunity to get a cyber sharing bill."
While CISPA passed in the House last April, it quickly died in the Senate after a veto threat from the White House.
Rogers and bill co-sponsor Rep. Dutch Ruppersberger (D-Md.) rebuked the bill's critics, who have resurfaced along with the proposed legislation. Opponents of the bill have argued that CISPA, which aims to share data on cyber threats, poses threats to privacy and civil liberties because it contains too few limits on how and when the government may monitor an individual's Internet browsing information.
Rogers and Ruppersberger said concerns in the bill have been addressed and that privacy is protected in the proposed legislation much as it is with any other law governing access to personal information.
"This isn't SOPA," said Ruppersberger, referring to the Stop Online Piracy Act, a controversial bill aimed at stopping the online theft of intellectual property that also failed last year. "Maybe we need to do more work in educating America that we are not violating any constitutional rights - but the threats are so serious that we have to deal with these threats."
Rogers backed Ruppersberger on the assurance, pointing out that no personal information is collected or disseminated within the shared threat intelligence.
"The sharing that happens in real time isn't content driven; it's zeros and ones at light speed, hundreds of millions of times a second, looking for anomalies in the packet that fits a signature that they know contains malicious software," Rogers said.
With threats that have only increased from the last time the bill was being considered, the dynamics have shifted enough to make CISPA a strong contender for passage, he added.
"This is really very simple. We've had some great discussions with the White House and with the Senate...this year we're all going to work together to come to a package which we can agree on. I think that is a huge and significant difference from last year."
Cybersecurity legislation was introduced in the Senate last month. That measure, the Cybersecurity and American Cyber Competitiveness Act, has been referred to committee but seen no further legislative action.
Amber Corrin is a staff writer covering defense and national security. Connect with her on Twitter: @AmberInsideDOD.