Cyberattacks reanimate CISPA
Recent reports of cyberespionage and hacking against important U.S. targets have triggered cybersecurity rumblings in Washington, with the leaders of the House Intelligence Committee reportedly planning to bring back the controversial CISPA — Cyber Intelligence Sharing and Protection Act — and President Obama reportedly readying his own executive order on the issue.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) say they plan to re-introduce CISPA — unaltered — next week during a speech at the Center for Strategic and International Studies in Washington, according to Beltway tech blog The Hill.
“American businesses are under siege,” Rogers said in a statement cited by the blog. “We need to provide American companies the information they need to better protect their networks from these dangerous cyberthreats. It is time to stop admiring this problem and deal with it immediately.”
CISPA, spark move by Obama
Despite an outcry over privacy concerns by groups such as the American Civil Liberties Union, CISPA passed the House last year but stalled in the Senate because the upper house was working on its own cybersecurity legislation. The White House had also threatened to veto CISPA if it landed on the president’s desk.
The recent reports of cyberspying on The New York Times, The Wall Street Journal, and The Washington Post, however, along with attacks on the Federal Reserve’s Web site and on several U.S. banks — not to mention comments about an imminent “cyber 9/11” — have brought the issue back to the fore.
A move from Obama?
According to a report from Bloomberg — which cited “two former White House officials briefed on the administration’s plans” — President Obama will issue an executive order on cybersecurity after his February 12 State of the Union Address.
The order, Bloomberg said, would create a “voluntary program of cybersecurity standards for companies operating vital U.S. infrastructure.” It also “directs federal agencies to consider incorporating the cybersecurity standards into existing regulations [and]…directs the government to share more information about computer threats with the private sector and issue more security clearances allowing industry representatives to receive classified information.”
Obama-backed legislation involving voluntary cybersecurity standards for companies died in the Senate last year, with Republicans and the U.S. Chamber of Commerce saying it would be ineffective and would create de facto rules that would slow down business, Bloomberg noted.
Critics of the different proposed cybersecurity measures are concerned that increased cooperation between Internet businesses and U.S. intelligence agencies could erode user privacy. And some have gone so far as to say that hasty regulation of things like the Denial of Service attacks used against U.S. banks could hamper legitimate forms of protest.[source:cnet]