WASHINGTON — Cybersecurity was a priority item for legislators returning from spring break last week, but it was déjà vu all over again with the reintroduction of two bills and a senator renewing a past call for Securities & Exchange Commission guidance.
On a conference call in advance of last week’s markup, Rep. Mike Rogers (RMich.), chairman of the House Permanent Select Committee on Intelligence, outlined changes to his Cyber Intelligence Sharing and Protection Act (H.R. 624, also known as CISPA), which cable operators strongly support. Rogers and the bill’s Democratic co-sponsor, Rep. Dutch Ruppersberger (D-Md.), hope to woo support from opponents at the White House and elsewhere.
H.R. 624 paves the way for more sharing of classified government information; allows for the sharing of threat information among Internet-service providers and other industry players, or with the government, on a voluntary basis; and provides liability protection for that sharing.
The bill closely shadows last session’s incarnation that passed the House and drew strong support from cable operators. The National Cable & Telecommunications Association hosted that bill’s coming-out party.
Rogers said he remained “wide open” to constructive suggestions to help “clarify” the bill, in addition to the ones he was already making via amendments.
“It is clear when you read the bill that this is not a surveillance bill,” Rogers said. “It does not allow the NSA to plug into domestic networks.”
Following the bill markup, Rep. Adam Schiff (DCalif.) said he could not support the bill in its present form after his amendment “to require that companies sharing cybersecurity information make reasonable efforts to remove unrelated private information” was not accepted by the committee.
There were also rumblings that CISPA could be a rallying point for “Internet freedom” activists.
Reddit co-founder Alex Ohanian teamed with advocacy group Fight for the Future on a video and petition calling on Google, Twitter and Facebook to fight the new bill, as they had anti-piracy legislation in the last Congress.
Elsewhere in cybersecurity, Rep. Marsha Blackburn (R-Tenn.) introduced a new version of the SECURE IT bill from the last Congress, which she said would be a complement to CISPA, which she also supports.
In the Senate, Commerce Committee chairman Jay Rockefeller (D-W. Va.) asked new SEC chairwoman Mary Jo White for formal guidance that a publicly traded company’s cybersecurity readiness be shared with investors “just as companies’ readiness to manage financial and operational risks is significant information for investors.”
Lawmakers returned from spring recess with cybersecurity matters top of mind.
WASHINGTON — The Republican and Democratic co-sponsors of the Cyber Intelligence Sharing and Protection Act last week said they were tweaking the bill to make it more attractive to the White House and privacy advocates, though the former was not yet backing the bill and some of the latter were clearly not assuaged.
• The bill now makes it explicit that shared information can only be used to identify the online cyber threats, not for marketing or other non-cybersecurity uses.
• National security language was removed, further narrowing the authorized use of info shared by the private sector.
• Companies are not allowed to “hack back” to recover stolen information.
• No personal information would be passed along to the government beyond what is “necessary to understand the cyberthreat.”
• Government agency privacy officers will provide additional information-sharing oversight.
— John Eggerton