Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Federal cyber security legislation held up by numerous challenges

Reprints

Controversial federal legislation intended to protect the nation's critical infrastructure from cyber attacks has been approved by the House of Representatives, but it remains questionable whether the bill will become law this year.

Experts say the Obama administration has indicated it would veto the legislation, which is opposed by privacy advocates, even if the Senate ultimately passes it.

The legislation passed the House last month with a 288-127 vote, but the Senate has not yet scheduled a debate on the bill. Meanwhile, advocates of the bill say there is a critical need to establish a U.S. cyber security framework.

Privacy advocates say they are concerned that the Cyber Intelligence Sharing and Protection Act that passed in the House would allow companies to share cyber threat data with the government and other businesses, without first taking steps to remove personally identifiable information.

The San Francisco-based Electronic Frontier Foundation said in a statement, for example, that the act overrides other laws including the Communications Policy Act that allow lawsuits against companies that go too far in divulging private information.

“CISPA also creates broad immunity for companies against both civil and criminal liability,” the foundation said. It “provides more legal cover for companies to share large swathes of potentially personal and private information with the government.''

Meanwhile, the White House said in a statement in April that while the House Permanent Select Committee on Intelligence adopted several amendments in an effort to incorporate the administration's privacy and civil liberty concerns, additional improvements still are needed and “if the bill, as currently crafted, were presented to the president, his senior advisers would recommend that he veto the bill.”

Many prominent businesses support the legislation, including AT&T Corp., the Boeing Co. and Verizon Communications Inc., according to the select committee. The bill also has the support of TechNet, a Washington-based policy and political network of technology CEOs whose members include Yahoo Inc., Google Inc. and Microsoft Corp.

%%BREAK%%

Tom Srail, Cleveland-based senior vice president of FINEX North America at Willis North America Inc., said everyone with a stake in cyber security “needs to enhance their response. We're dealing with significant threats that cost a lot of money and harm to a lot of people.”

However, Jamie Barnett, a partner with law firm Venable L.L.P. in Washington, who is a retired rear admiral in the U.S. Navy, said, “Any time that the government and private entities are sharing information back and forth, it does raise privacy concerns, and privacy and security are actually two sides of the same coin.”

Industry is concerned that, “if there is cooperation with the government, there be limitations on liability for cooperating,” said Joseph T. Lynyak III, a partner with law firm Pillsbury Winthrop Shaw Pittman L.L.P. in Los Angeles, who said he would like to see federal cyber security legislation passed.

“We're going to have to slowly but surely work our way through what's acceptable conduct and what's not,” he said. “We're really going to be taking baby steps in order to work through the conduct, ability to look at data, and the ability to delete data as appropriate.”

However, he added, “one of the important points for private business is the insulation from liability for cooperating with the government on the government's effort to maintain information security.”

Chet Wisniewski, Vancouver, Canada-based senior security adviser for Sophos Inc., a network security firm, said the privacy issue is the only partisan part of the bill. Mr. Wisniewski said, “Even if we can't get a perfect bill passed,” if we could at least get some cyber security bill passed, we can start working on the issue, recognize any flaws and fix them. “But right now, we have nothing.”

He said in one situation recently encountered by his firm, a small company was the target of malware aimed at stealing credit card information. Although Sophos was aware of another 50 to 60 of its customers that could be hit by the same tactic, “we legally couldn't disclose the details of that to other customers because of our contract to respect privacy, so we were kind of stuck.”

Read Next

  • States grapple with cyber security challenges as threats escalate

    States are struggling with many of the same challenges that face their business counterparts in the private sector when it comes to cyber security. The risks associated with cyber security are illustrated by a situation that occurred in South Carolina, which announced in October 2012 that about 3.6 million Social Security numbers and 387,000 credit and debit card numbers were exposed in a cyber attack. State officials also later revealed that some companies' business identification numbers had been stored in the database that was breached.