The Cyber Intelligence Sharing and Protection Act (CISPA) is a proposed cybersecurity bill that passed the U.S. House of Representatives on April 26, 2012 as H.R. 3523, but stalled in the Senate later that year. It returned to the Congressional roster in 2013 as H.R. 624. CISPA would amend Title XI of the National Security Act of 1947 by adding a new section to the end called "Cyber Threat Intelligence and Information Sharing, Sec. 1104."
The aim of the new section is to allow and encourage agencies of the federal government, private-sector companies and utilities to share cyberthreat intelligence with each other in a timely manner in order to prevent disruption or harm to vital infrastructure due to attacks on the computer systems and networks of these entities. But the scope and language of the bill has proved quite controversial.
To supporters, the proposed legislation is a means to better enable information sharing to quickly counter cyberattacks before they disrupt critical services or damage the economy or national security, and to allow companies to both share information and take defensive measures without risk of lawsuits for their actions. To opponents, it's an overbroad and vague piece of legislation that allows sharing of personal information with no judicial oversight, harms individual privacy rights by sidestepping existing privacy laws and could invite abuses such as government surveillance of Internet activities.
Everyone agrees that we're vulnerable to cyberattacks, potentially from foreign powers, terrorists, criminals or others with ill intent, and that these attacks have the potential to disrupt essential services. The disagreements lie in whether this bill really solves the issue and whether it could do more harm than good.
Read on to find out more about the sorts of threats CISPA is meant to address, and the bill itself.