multichannel connect
careers
all access

Marketing

Cybersecurity Bill Hits House

4/23/2012 12:01 AM Eastern

Washington — A cable-backed cybersecurity bill
has become the main vehicle for such legislation in the
House, and, as a result, has received another makeover as
its sponsors addressed concerns that it could be a backdoor
version of online-piracy legislation that failed in the
last Congress.

There has been a flurry of action on cybersecurity
over the past few weeks as the House prepares to consider
the bill, aimed at securing critical broadband networks.
That included the
release of a new draft
version of HR 3523, the
Cyber Intelligence Sharing
and Protection Act
(CISPA), introduced at a
National Cable & Telecommunications
Association-
hosted legislative
coming out party back in
November.

The NCTA had no official
comment on the
newest version of the bill
— revisions to it were
coming thick and fast
— but a source said on
background that cable operators
were still “strong
supporters” of the legislation.
The cable-industry
trade group also signed on
to a letter to House leaders
last week spelling out
a baseline for any cybersecurity
legislation. That
included more collaboration,
more information
sharing and liability
protection for that sharing
from lawsuits or government
use of the info to
regulate other activities
(all protections in CISPA),
as well as increased R&D
and public education.

While protecting networks
from attack is a bipartisan
issue, whether or
not the government sets
compliance guidelines for
those protections is setting
up as a key political
dividing line between Republicans
and Democrats.
The NCTA and company
said that would definitely
be the wrong way to go.

“Policymakers should
not complicate or duplicate
existing securityrelated
industry standards
with government-specific
standards and bureaucracies,”
they argued.

Bill co-sponsors Reps.
Mike Rogers (R-Mich.),
chair of the House Intelligence
Committee, and
ranking member C.A.
“Dutch” Ruppersberger (D-Md.) said last week in announcing
the changes that they had come in response to
input from various stakeholders.

The pair outlined the new changes to the bill, as well as
modifi cations made during its December markup, in an
effort to make it more palatable to opponents.

One change they did not make was forcing Internet-service
providers and others to strip out any personally identifiable information before sharing it with the government.
They argue that that would impose “a significant unfunded
mandate on the private sector and would also likely
prevent the private sector
from sharing critically
important cyber threat
information.”

Those modifications
came in the face of renewed
opposition to the
bill from determined opponents
who took to the
streets, or at least the
broadband highway, to
try and block the legislation.

Free Press Action
Fund, the American
Civil Liberties Union,
and others launched a
“protest” via Twitter last
week (hashtags #CongressTMI
and #CISPA)
to drum up opposition
to the legislation.

Dubbing it “Stop Cyber
Spying Week,” they
called for tweets to legislators
urging a no vote
on a bill they argue “sacrifices civil liberties and
does not define clearly
what user data can be
shared with the government,
nor does it limit
how the government
and private companies
can use that data.”

Free Press Act ion
Fund director Matt
Wood said the bill prov
ides “unbounded”
powers to government
agencies and private entities.
And while he said
the changes proposed
last week may help to
narrow the scope of the
bill “a bit,” they don’t go
far enough. “The power
over our data that CISPA
grants to the government
is still too broad,” he told
Multichannel News, “as
is the immunity that the
bill provides for companies
that share such data.
Other amendments in
the new draft still don’t
provide meaningful protections
for Internet users’
privacy or their civil
liberties.”

CYBER CLARIFICATIONS

Some of the key changes made
last week to a cybersecurity bill
backed by cable operators:

Issue: Inclusion of the term “intellectual property”
in the defi nition of “cyberthreat information”
to be shared between network operators and the
government.

Fix: A new amendment scrubs all references to
the term “intellectual property” to “clarify that the
bill is intended to defend against efforts to gain
unauthorized access to systems or networks, including
efforts to gain such unauthorized access
to steal private or government information.”

Issue: Concerns the bill would authorize blocking
access to websites believed to carry content
that infringes on intellectual property rights —
one of the key concerns of opponents of piracy
legislation killed by Google and others in the last
Congress.

Clarification: The legislators say that the bill
“does not provide any authority or levy any
requirements to block access to accounts or websites,
or to remove content.”

Issue: Government needs to be accountable for
the abuse of any private-sector information on
cyber threats it obtains.

Fix: An amendment would allow for federal
lawsuits against the government for any violation
of restrictions on sharing information for actual
damages, costs and attorney fees.

Issue: Greater involvement by the Department of
Homeland Security.

Fix: The bill is amended to require that DHS be
copied on all information shared with government,
and consulted on developing information-sharing
guidelines. (The bill was also amended to clarify
that it gives no new authority to the government
to “direct, require, or control” public or private
sector cybersecurity efforts).


SOURCE:
House Permanent Select Committee on Intelligence

September