How CISPA Works


The Current State of Affairs
A House Intelligence Committee report released on Oct. 8, 2012 includes information on Huawei, a Chinese telecommunications equipment maker that members of the House Permanent Select Committee on Intelligence see as a threat to national security.
© Mark Wilson/Getty Images

As of early 2013, neither Senate bill had passed, but in the wake of CISPA's resurrection in the House, President Obama issued an Executive Order (EO) that covers some of the ground of the proposed cybersecurity bills, including timely sharing of information on cyberthreats from the federal government to critical infrastructure entities and companies that provide cybersecurity services. It does not enable any new sharing of information in the other direction (from private companies to public entities). It takes an existing Defense Industrial Base (DIB) information sharing program called the Enhanced Cybersecurity Services program, which was put in place to allow the Department of Defense (DoD) and the DHS to share non-classified cybersecurity information with defense contractors and the like, and expands it to cover other government agencies and critical infrastructure sectors. Like CISPA, the EO addresses creating an avenue for critical infrastructure personnel to gain security clearance for the sharing of classified information. It charges the National Institute of Standards and Technology (NIST) and others to work collaboratively with industry experts to create a cybersecurity practices framework to help reduce cyberthreat risks to infrastructure, and calls on the DHS to develop incentives to promote adoption of the framework.

The EO also calls for the Chief Privacy Officer and Officer for Civil Rights and Civil Liberties of the DHS to assess privacy and civil liberties risks and make recommendations on how to minimize and mitigate those risks. They are to use the Fair Information Practice Principles (FIPP) and other related policies to evaluate cybersecurity activities to this end, and their assessments are to be made available to the public.

Since CISPA is under consideration once more, no rival cybersecurity bills have passed yet and cyberthreats appear to be on the rise, the debate on how best to handle cybersecurity, especially sharing of information from private industry to government, is far from over. But perhaps all the rousing debates and calls to action will help whatever laws are ultimately passed to best straddle the line between too much and too little sharing while providing real protections.

Author's Note: How CISPA Works

Being an IT worker, a writer and a heavy Internet user, I'm concerned about the security of our computers and networks. Lord knows I don't want my data stolen, or a cyberattack to take down the Internet or cut the power. How would I watch an entire season of "Downton Abbey" on Netflix while simultaneously writing an essay, checking e-mail and surfing the net for Grumpy Cat pictures?

But I'm equally concerned about privacy. The less of my data flowing out to people I never intended to look at it, the better. There is no telling how the NSA would interpret one of my short stories.

Reading through these bills and thinking about what could possibly go wrong due to wording issues was pretty fascinating. I'm sure that the drafters of all such legislation are by and large well-meaning people trying to proactively snuff out security threats. But "well-meaning" means about as much as "good faith" in legal terms. Not everyone on the planet has good intentions, as we are reminded daily by the news, and anything that can be used for ill or even just misguided purposes probably will be at some point. So I hope that whatever bill passes is extremely well-thought-out and vetted by industry, civil liberty and legal experts alike. Keep the Internet safe for Grumpy Cat.
