• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • CISPA Is Ready for Prime Time

    This week, the House of Representatives will vote on several cybersecurity bills, giving rise to the apt moniker “Cyber Week.” Congress is right to act on this very important issue, as up to $400 billion is stolen from U.S. companies in cyber theft and espionage every year. While Congress correctly acknowledges this real threat, it is important that Congress not just act to say that it did something.

    H.R. 3523, or the Cybersecurity Information Sharing and Protection Act (CISPA), is a strong cybersecurity bill that the House Permanent Select Committee on Intelligence passed by a bipartisan vote of 17–1. Similar to portions of other bills, CISPA encourages cyberthreat information sharing among the private sector and with the government and is completely voluntary. No company would be obligated to share any information with the federal government and could undertake “appropriate annonymization or minimization” of information. CISPA provides liability protection for information sharers and rejects costly mandates and regulations.

    Some have raised concerns regarding CISPA, accusing it of being SOPA II, or worse. This could not be further from the truth. Analysis of the bill shows that CISPA does not allow for any blocking of websites but merely facilitates for the sharing of cyberthreat information. It gives no additional authority to the Department of Defense, the National Security Agency (NSA), or any other “element of intelligence community to control, modify, require or otherwise direct the cybersecurity efforts of a private-sector entity or a component of the Federal Government or a State, local, or tribal government.”

    CISPA includes tailored but not overly restrictive definitions of threat and vulnerability information. Chairman Mike Rogers (R–MI) and ranking member Dutch Ruppersberger (D–MD) of the House Intelligence Committee have agreed to new language that would allow the government to use shared cybersecurity information only for a cybersecurity purpose, for a national security purpose, to prevent death or serious bodily harm, or to protect minors from sexual exploitation, kidnapping, and trafficking.

    These restrictions represent a compromise between civil liberties advocates and those who don’t want to set up too many artificial barriers, such as those that were partially responsible for intelligence failures before 9/11.

    Privacy advocates also voiced concerns that an organization might share personal data with the NSA. CISPA answers these concerns by establishing the Department of Homeland Security as the hub of cybersecurity information, requiring the inspector general for intelligence to make a yearly report on the type and use of shared information. The bill also allows individuals to sue the government for “willfully violating” the restriction of only using information for cyber or national security.

    CISPA has deliberately been drafted and revised in such a way as to meet many of the concerns of privacy advocates. Indicative of these efforts, even actively opposed organizations, such as the Center for Democracy and Technology, have recognized the “good faith efforts” made by Rogers and Ruppersberger and will no longer oppose the bill.

    CISPA is a sensible bill that represents a successful balancing of security and privacy concerns. Completely voluntary, CISPA harnesses the innovation and creativity of the private sector to make our nation more cyber secure.

    Posted in Security [slideshow_deploy]

    10 Responses to CISPA Is Ready for Prime Time

    1. Stirling says:

      More power to the Government is NOT always a good thing.. as the government has shown it Abuses everthing it touches.. It may "say" it has privacy concerns met, but I'm not buying that it will not morph into something with un-intended consequences (especially with this administration). Cybersecurity may be an issue, but do you really trust this government has the people's best intrest in mind..?? Tell me how many bills that actually didn't put the people at a disadvantage when it comes to personal information. Hell, Obamacare moves every personally medical information to Washington D.C.. and politicians will say anything to "pass the bill"

      • David Inserra says:

        The Heritage Foundation is deeply concerned with giving additional powers to government. Indeed, a bill that mandated that you share your information or gave the government power to regulate the internet would be problematic. However, this bill forces nothing, mandates nothing, and regulates nothing. It is completely voluntary; a company does not have to share any information with the government but can if it wants to. Companies can receive classified information on cybersecurity threats from the government and not share one shred with the government. Furthermore, this bill allows organizations to share threat information with other organizations to help our private sector protect itself. If the government and other organizations had information that could help you, wouldn't you want them to share it with you so that you could defend yourself?

    2. Me or You says:

      Interesting analysis. Unexpected coming from Heritage.
      Few trust the "civilian agency—the Department of Homeland Security" – and we want this information in their "repository?"

      • David Inserra says:

        Me or You,
        There needs to be a repository of cyber threat information and instead of creating an additional bureaucracy or putting the authority in the Department of Defense or NSA (which was problematic to many privacy and civil liberties groups), DHS is the logical place. Heritage has written on the fact that DHS isn't perfect and still needs to build its cyber capabilities, but it is the appropriate place for a civilian cyber security information repository. See # 8 in the following link: http://www.heritage.org/research/reports/2011/01/

        • @kaizoman says:

          David, thank you for speaking out. There is so much negative info flying and so many people just rage facing without actually reading the bill or understanding why we need it or what it will be used for.

        • @kaizoman says:

          David, thank you for speaking out. There is so much negative info flying and so many people just rage facing without actually reading the bill or understanding why we need it or what it will be used for.

          Good on congress for reviewing the bill and editing it to take into account the peoples privacy concerns.

          We should all be happy with this. We get a bill that does what it needs to, gives our private sector more power to protect itself and is sufficiently limited that it wont tred upon our freedoms.

          *For some reason the site lost my full comment.*

    3. FLA says:

      I love Heritage. This time you're wrong. Haven't we given the government too many rights already??!!.

    4. Timothy Birdnow says:

      With a national debt in the trillions, doesn't this Congress have more important things to do than increase government influence over the internet? Even if this is a good bill (and I fear it is the nose of the camel in the tent) it is an unnecessary one at this juncture. Reforming the internet was not a priority to most voters in 2010.

      If nothing else, this makes the GOP look like THEY are the ones trying to seize the internet. Foolish.

    5. beancrisp says:

      CISPA and everyone who agrees with it is anti-American.

    6. Faithkills says:

      Tea Party to Heritage: Way to show your big government progressive colors. You should be ashamed.

      There is NO need for this legislation. There is nothing to stop any company from sharing not private information. They don't need to share private information to fight cyber attacks.


      I am a programmer and ex hacker. You do not need to violate the Constitution to dissect and fight a virus or trojan. Anyone who says otherwise is lying.

      We in the Tea Party put the GoP back in the house.

      They raised the debt ceiling.
      They passed the NDAA.
      They passed CISPA. (Obama will NOT veto this be assured)
      They re-approved the PATRIOT act.
      They have refused to defund Obamacare, or ANYTHING.

      The establishment GoP is fighting US, not the democrats.

      We won't put them back in.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.