Like HowStuffWorks on Facebook!

How CISPA Works


The Current State of Affairs
A House Intelligence Committee report released on Oct. 8, 2012 includes information on Huawei, a Chinese telecommunications equipment maker that members of the House Permanent Select Committee on Intelligence see as a threat to national security.
A House Intelligence Committee report released on Oct. 8, 2012 includes information on Huawei, a Chinese telecommunications equipment maker that members of the House Permanent Select Committee on Intelligence see as a threat to national security.
© Mark Wilson/Getty Images

As of early 2013, neither Senate bill passed, but in the wake of CISPA's resurrection in the House, President Obama issued an Executive Order (EO) that covers some of the ground of the proposed cybersecurity bills, including timely sharing of information on cyberthreats from the federal government to critical infrastructure entities and companies that provide cybersecurity services. It does not enable any new sharing of information in the other direction (from private companies to public entities). It takes an existing Defense Industrial Base (DIB) information sharing program called the Enhanced Cybersecurity Services program, which was put in place to allow the Department of Defense (DoD) and the DHS to share non-classified cybersecurity information with defense contractors and the like, and expands it by allowing it to cover the other government agencies and critical infrastructure sectors. Like CISPA, the EO addresses creating an avenue for critical infrastructure personnel to gain security clearance for the sharing of classified information. It charges the National Institute of Standards and Technology (NIST) and others to work collaboratively with industry experts to create a cybersecurity practices framework to help reduce cyberthreat risks to infrastructure, and calls on the DHS to develop incentives to promote adoption of the framework.

The EO also calls for the Chief Privacy Officer and Officer for Civil Rights and Civil Liberties of the DHS to assess privacy and civil liberties risks and make recommendations on how to minimize and mitigate those risks. They are to use the Fair Information Practice Principles (FIPP) and other related policies to evaluate cybersecurity activities to this end, and their assessments are to be made available to the public.

Since CISPA is under consideration once more, no rival cybersecurity bills have passed yet and cyberthreats appear to be on the rise, the debate on how best to handle cybersecurity, especially sharing of information from private industry to government, is far from over. But perhaps all the rousing debates and calls to action will help whatever laws are ultimately passed to best straddle the line between too much and too little sharing while providing real protections.


More to Explore