Now that the House of Representatives has approved a controversial bill on cyber security, which the White House has promised to veto, the ball is in the Senate’s court, which would propose a much harder-hitting bill if it could muster the support.
The House (Republican-controlled) approved the Cyber Intelligence Sharing and Protection Act (CISPA) late last week, in a bipartisan 248-168 vote after five hours of debate over the technicalities of a bill that would allow and encourage companies to share electronically collected information with the government to help prevent cyber attacks on critical energy and other infrastructure.
It’s easier when things are partisan. However, as it stands, the need for cyber security (and all the privacy and business rights issues this necessarily calls up) has Republicans and Democrats divided among themselves and unsure who to protect: your rights to privacy, businesses from government interference, or the country from national security threats. It seems that all three cannot be protected simultaneously.
There is no neat dividing line, and clearly “big government”, at least since the Patriot Act, is no longer the purview of the Democrats. Big government is bipartisan, and this is the post-9/11 world in which we live - a world in which security threats have been globalized along with technological advances.
Despite all the bluster, the bill is largely innocuous. It does not obligate companies to hand over information to the government; rather it makes it possible for them to do so should they voluntarily choose to (plus incentives). Neither does the House bill include provisions to protect computer systems operating critical infrastructure.
What makes the House bill more innocuous is that it’s not likely to get past the Senate, which wants a much tougher bill, or the White House, which sees it as doing too little to protect critical infrastructure while at the same time doing a lot to chip away at privacy. (Most of the information-sharing discussed in the bill is currently banned by privacy laws.)
The Intelligence Community is concerned that without a solid cyber security bill, companies that manage critical energy, financial and communications infrastructure could come under attack. In today’s world, they argue, you cannot separate the public from the private.
Everything is connected, and the government will lose its competitive advantage in the new theater of cyber warfare without some tough legislation to help it better govern cyberspace and lean on information “owned” by private companies.
The Senate bill more specifically targets companies controlling the nation’s critical infrastructure and focuses on implementing regulations to ensure higher cyber security standards. This bill, which has more support from the White House, seeks to give the Department of Homeland Security (DHS) control of cyber security with the primary aim of protecting the country’s electricity and water infrastructure.
Civil liberties groups are opposed to both bills, but the House bill has come under particular criticism for its “dangerously overbroad” nature and lack of sufficient oversight (sensitive information can be shared without a warrant).
Businesses prefer the House bill, of course, because it is voluntary and presented as an information-swapping deal that is not necessarily one-sided. They strongly oppose the Senate bill as it will require them to make cyber security changes that are involved and expensive.
This is not the end, and perhaps only the beginning. The House bill is not likely to go further than it has, for now. The rival Senate bill might have to be shelved until after the elections, when it’s safer to start enforcing regulations on big business. More than that, on a much broader the level, the bills are not ready for passage as all stakeholders understand that the debate has to be reframed, until which time cyber security will remain elusive.
By Jen Alic of Oilprice.com
Jen Alic is a geopolitical analyst, co-founder of ISA Intel in Sarajevo and Tel Aviv, and the former editor-in-chief of ISN Security Watch in Zurich.