Government // Cybersecurity
News
7/9/2014
09:25 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Controversial Cyber Security Bill Advances

Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.

The Senate Intelligence Committee on Tuesday approved the Cybersecurity Information Sharing Act (CISA), a bill ostensibly designed to enhance cyber security, but which alarms privacy advocates.

The bipartisan legislation, authored by Senate Intelligence Committee chair Dianne Feinstein (D-CA) and vice chair Saxby Chambliss (R-GA), seeks to promote information sharing about cyberthreats among government agencies and private sector companies.

The bill passed by a vote of 12-3 and now awaits further consideration by the Senate. Its counterpart, the Cyber Intelligence Sharing and Protection Act (CISPA), passed the House last year. Concern about CISPA prompted a petition that collected more than 117,000 signatures and a veto threat from the White House, which has already issued a similar executive order to promote cyber security and improve critical infrastructure.

Senator Feinstein in a statement characterized cyber attacks as the greatest threat to our national and economic security today. "To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them," she said. "This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information."

[Want to be a better miner? See 6 Tips for Using Big Data to Hunt Cyberthreats.]

Privacy groups, however, contend that the legislation does not do enough to protect private information. In a letter sent last month to Feinstein and Chambliss, the American Civil Liberties Union, the Center for Democracy and Technology, the Competitive Enterprise Institute, the Electronic Frontier Foundation, and more than a dozen other advocacy groups warned that CISA ignores the outcry over the revelations about the scope of NSA data gathering.

"Instead of reining in NSA surveillance, the bill would facilitate a vast flow of private communications data to the NSA," the letter said. "CISA omits many of the civil liberties protections that were incorporated, after thorough consideration, into the cyber security legislation the Senate last considered."

The letter decried the bill's militarization of civilian cyber security, its lack of limitations, its failure to protect personal information, its overbroad liability protection for countermeasures, its overbroad definition of cyber security threats, and the threat it poses to net neutrality regulations.

(Source: Scrumshus on Wikipedia.)
(Source: Scrumshus on Wikipedia.)

Feinstein and Chambliss insist the bill is narrowly focused on cyber security and does not affect net neutrality.

US Senators Ron Wyden (D-OR) and Mark Udall (D-CO) issued a joint statement opposing the bill due to its lack of privacy protections and to doubts about its ability to actually improve cyber security.

"We agree there is a need for information-sharing between the federal government and private companies about cyber security threats and how to defend against them," said Wyden and Udall. "However, we have seen how the federal government has exploited loopholes to collect Americans' private information in the name of security."

Nobody wants to be the next data breach headline. But ensuring that cyber security defenses are operating effectively and efficiently is a monumental challenge, given the sheer volume of information coming at us. Here's how to streamline your program. Get the Metrics That Work: Practical Cyber-Security Risk Measurements report today (registration required).

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
7/9/2014 | 10:16:43 AM
Is there a need for cybersecurity info sharing legislation?
So the White House opposes this because cybersecurity info sharing is already supposed to be the policy, by executive order. Is there a need for Congress to pass legislation on this, or not? I'm having a tough time understanding how this is seen as an additional threat to privacy. On the other hand, if there's no need for the legislation, that's a different matter.

Isn't the cybersecurity issue with the NSA more that we'd like them to share vulnerability info with the rest of us, rather than reserving it to exploit? Honestly, I'm not sure that's even a reasonable thing to expect of an intelligence agency, but it has been the complaint regarding things like rumors of abuse of the Heartbleed bug.
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
7/9/2014 | 12:30:11 PM
Re: Is there a need for cybersecurity info sharing legislation?
I'm having a tough time understanding how this is seen as an additional threat to privacy.

I'll admit that I haven't read the CISA bill. I do recall the CISPA petition, though. The perceived (whether real or not is up to everyone's opinion) is about the feds forcing private companies to share security issues that the feds may then use against private citizens, like the NSA has done. Not sure I agree, but I concede the possiblilty.

The flip side of this is when a vulnerability is discovered and never shared (for fear of liability or any other reasons). Then, that hole is goes unaddressed and more innocent individuals may suffer. It's like Target or Michael's waiting months after the breach to announce that there was a credit card breach. In that ensuing time, any of their customers could have suffered more losses.

There has to be a middle ground where information is shared in a timely manner, while also allowing those affected to do their legal and forensic investigations.
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
7/9/2014 | 1:21:41 PM
Re: Is there a need for cybersecurity info sharing legislation?
Personally, I don't think there's a need to pass legislation on this, but of course that's just my opinion. On some level, I see this move as more of a public relations thing. Trying to show the people that they're taking action re: cyber security, but I'm iffy whether this is what we really need.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
7/9/2014 | 4:55:15 PM
Re: Is there a need for cybersecurity info sharing legislation?
>Personally, I don't think there's a need to pass legislation on this, but of course that's just my opinion.

Indeed, if this is truly about voluntary information sharing, no law is necessary. You need laws to compel.
mak63
50%
50%
mak63,
User Rank: Ninja
7/11/2014 | 12:11:20 AM
Re: Is there a need for cybersecurity info sharing legislation?
I was thinking exactly the same thing, if it is about info sharing, why the need of a law. Nonetheless, there's probably something more than meets the eye. Like the loose definition of cybersecurity threat and cyber threat indicator on the CISA to undermind once again our most basics rights
andrewboon2739
50%
50%
andrewboon2739,
User Rank: Apprentice
7/9/2014 | 10:39:04 AM
Misuse of this bill will be rampant

Interesting development, Although this bill in intended to protect cyber security assets it will do more harm than good if used for unauthorized surveillance, I work for McGladrey and there's a whitepaper on our site that discusses a few points here that may interest readers, it offers very good information on cyber security and ways to mitigate cyber risks @ "Two common Web application attacks illustrate security concerns", 

http://mcgladrey.com/content/mcgladrey/en_US/what-we-do/services/risk-advisory/risk-bulletin/two-common-web-application-attacks-illustrate-security-concerns.html

Henrisha
50%
50%
Henrisha,
User Rank: Strategist
7/9/2014 | 1:22:26 PM
Re: Misuse of this bill will be rampant
Thanks for the link to the white paper. It makes for some interesting reading. Granted a lot of people seem to think that this is a step in the wrong direction--it's advancing now. Perhaps more awareness to get people to air their opposition to this thing?
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/10/2014 | 7:15:15 AM
lol
Feinstein also has a record for defending the NSA's broad domestic surveillance practices...so she doesn't have a lot of trustworthiness going for her in terms of protecting privacy.
RichardV928
50%
50%
RichardV928,
User Rank: Apprentice
7/10/2014 | 11:38:18 PM
America used to be a symbol of freedom around the world but now we are a symbol of spying.
To: Government Representatives who believe in the Constitution and the rule of law.

America used to be a symbol of freedom around the world but now we are a symbol of spying. America spies on its allies like Germany and on it's own citizens with impunity. America even spies on the elected representatives the public prays will uphold the United States Constitution. America has the Patriot Act, The Patriot Act II and now more power is being given to the NSA to spy even more on innocent men and women in the United States who have broken no law and do not deserve to lose their privacy. America has become a paranoid schizophrenic.  Putin likes to joke that the European leaders have to whisper in their houses because the Americans are listening and it would seem that this is true. Why is this so?

Sadly the very representatives who are supposed to look out for the rights of Americans have become demented and see the public as the enemy. What have the American people done to deserve this? One thing I know for sure is they have become complacent and given over the rights given them by God to possible despots.

The NSA spies on the American people and the CIA spies on the Congress but nothing is done about it except to expand the power to invade our privacy and further increase the risk of a police state.

So sad that even Senator Feinstein, who I mistakenly believed stood up for the Constitution are too weak and/or afraid to stand up and protect the very Constitution they have sworn to defend. How may more laws will be passed in the dark of night under the guise of security that in reality slowly cut away our liberty? What is an American to do to stop this? I do not know. I only know that personally I write letters and call my reps pleading that they stop creating draconian laws like the 100-mile No Constitution Zone now on the books. I only know that the Obama administration went to the Supreme Court to try to search an honest American's cellphone without a warrant but lost nine to zero. I only know that what is good for the goose is no longer good for the gander. I only know what I see in the media which is weak as is the legislative branch of the United States Government and allows it's powers to be stomped on by the boot of the executive branch. I only know that freedom is bleeding and no one seems to be able to come to her aid. The Statue of Liberty is crying, as it is afraid its name will be changed to the Statue of Spying.

Where will the violation of American civil liberties stop? Will it stop? I am not sure. Hypocrites spout platitudes about American ideals but they do nothing concrete to protect those ideals from the encroachment of fascism. Who will standup for the American people? Who will raise their voice and cry out STOP!!!!

Edward Snowden showed us the President of the United States is a liar because he said the NSA did not spy on Americans. It turns out that they do. The head of the NSA is a liar as he said UNDER OATH that the NSA does not spy on American yet it turns out that they do.

America is supposed to be a nation of laws and not men yet men like Eric Holder refuse to bow to Congressional power once charged with Contempt of Congress. The Justice Department is not supposed to pick and choose what laws to enforce and yet they do and nothing is done to stop this practice. Guns were shipped into Mexico under operation "Fast and Furious" and documents were demanded by Congress from the Justice Department yet no documents were ever produced. The IRS investigates political enemies and destroys email yet nothing is done about it.

No one is accountable in the United States Government and the founders of this nation would be sick to their stomachs by what is occurring today in the name of security. As Ben Franklin said, "A people who trade their liberty for security will have neither."

So we have elected reps that lie and appointed reps who lie under oath and we still expect America to be respected as a beacon of freedom. Sadly we continue to delude ourselves that we have principles on which to stand. Our principles have been subverted and no elected officials stand up for the American Citizens. Why? I say it is because America is no longer a democratic republic it has become a technical oligarchy. Reps like Barbra Boxer will not even write back an intelligent letter in response to a question and refuse to schedule a meeting to respond to queries. The elected officials seem to think they are above the average citizen when in fact they are supposed to be working FOR THEM! Senator Feinstein says she is in favor of the constitution yet passes laws that circumvent the very laws they are sworn to uphold and do not hold other officials like Eric Holder accountable when charged with contempt of Congress. I ask that bill HR 4447 known as the Contempt Act be passed quickly so that those officials found in contempt of Congress will not receive there taxpayer funded salaries.  Please pass Blake Farenthold's bill HR 4447 as a first step to bring back the rule of law and not of men in the United States before it is too late and freedom is gone. 
etherealaurora
50%
50%
etherealaurora,
User Rank: Apprentice
7/21/2014 | 8:59:19 PM
please help us tell the president to veto CISA
please sign this petition to the white house. we have to tell the president he MUST veto CISAhttps://petitions.whitehouse.gov/petition/veto-cisa-bill-very-similar-cispa-and-sopa/n6XdVz5L please share the petitions on your face books, tweet this and ask for retweets, please try to spread this! CISA cannot be passed, the USA cannot let something like this go into effect, internet privacy is very important. without privacy, many people may not even use the internet to learn things because of the spying. please help spread this petition.. it needs 150 signatures to be made public and it was only just made. please help!
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.