Print

Cyber Intelligence Sharing and Protection Act KEY POINTS

4/27/12

 

Congressman Doug Lamborn voted in support of  H.R. 3523, theCyber Intelligence Sharing and Protection Act (CISPA). The bill passed the House by a vote of 248-168. Lamborn, who was concerned about privacy protections in the bill, gave his support after the bill was amended on the House floor to increase those protections.    

The amended bill will help American businesses protect critical data infrastructures, while also protecting the privacy rights of American citizens.

  • Foreign countries like China and Russia consistently target American businesses with malicious cyber attacks, looking to exploit private corporate information, or worse, access to critical infrastructure systems such as the electrical grid, for their advantage.
  • Over the past few years, China alone has stolen information from American companies equivalent to 50 times the current print colleciton of the U.S. Library of Congress.

The secretive nature of this digital pillaging makes the exact estimates of loss difficult to calculate, but it could range up to $400 billion a year.  This forces companies to pass costs along to consumers.

China is literally trying to steal our prosperity and our way of life.
 
  • The federal government protects itself against cyber espionage by using both classified cyber threat intelligence and unclassified threat information.  However, the vast majority of the private sector does not get the benefit of the classified intelligence that the government has in its possession.
  • The Cyber Intelligence Sharing and Protection Act (CISPA) seeks to enhance job creators’ ability to protect themselves by allowing the government to arm them with information that could prevent and combat cyber attacks. This information, gathered by the US intelligence community, could prove to a be deciding factor in protecting private corporate information and networks that power economic growth or a vital piece of infrastructure that keeps our nation running.
     
  • The bill provides positive authority to private sector entities to defend their own networks and those of their corporate customers, and to share cyber threat information with others in the private sector in addition to the federal government on a purely voluntary basis.
     
  • By enabling the private sector to expand its own cyber defense efforts and to employ classified information to protect systems and networks, this bill will harness private sector innovation while also keeping the government out of the business of monitoring and guarding private sector networks.
     
  • Job creators already support this bipartisan bill. More than two dozen companies and groups support the billl, including the following:

Verizon

Facebook

U.S. Chamber of Commerce

AT&T

Boeing

IBM

Intel

Lockheed Martin

Microsoft

Oracle


AMENDMENTS TO H.R. 3523

Amendment No. 4—Reps. Rogers (R-MI), Ruppersberger (D-MD): This amendment would add a provision to clarify that regulatory information already required to be provided remains subject to FOIA requests, as under current law. – Congressman Lamborn supported this amendment because it would provide clarification and harmonize the bill with the existing scope of FOIA.

Amendment No. 6—Reps. Quayle (R-AZ), Eshoo (D-CA), Thompson (D-CA), Broun (R-GA): This amendment would limit government use of shared cyber threat information to only 5 purposes: 1) cybersecurity; 2) investigation and prosecution of cybersecurity crimes; 3) protection of individuals from the danger of death or physical injury; 4) protection of minors from physical or psychological harm; and 5) protection of the national security of the United States. – Congressman Lamborn supported this amendment because it offers key clarification of the intended scope of the bill.

Amendment No. 7—Reps. Amash (R-MI), Labrador (R-ID), Paul (R-TX), Nadler (D-NY), Polis (D-CO): This amendment would prohibit the federal government from using, inter alia, library records, firearms sales records, and tax returns that it receives from private entities under this Act. – Congressman Lamborn supported this amendment. The legislation does not provide for the collection of this data.

Amendment No. 8—Reps. Mulvaney (R-SC), Dicks (D-WA): This amendment would authorize the federal government to create reasonable procedures to protect privacy and civil liberties, consistent with the needs of cybersecurity. The amendment would also prohibit the federal government from retaining or using information shared pursuant to the Act for anything other than a use permitted under the provisions in the bill. – Congressman Lamborn supported this amendment because it would clarify the intended scope of the bill.

Amendment No. 13—Rep. Goodlatee (R-VA): This amendment would narrow definitions in the bill regarding what information may be identified, obtained, and shared. – Congressman Lamborn supported this amendment because it clarifies the intended scope of the legislation.

Amendment No. 15—Rep. Mulvaney (R-SC): This amendment would sunset the provisions of the bill five years after the date of enactment. – Congressman Lamborn supported this amendment. This is a key way to provide protections and reviews of the program over the long term by forcing Congress to revisit it and reauthorize it down the road.

Amendment No. 3—Rep. Pompeo (R-KS): This amendment would clarify the bill’s liability provision that the use of cybersecurity systems is the use of such systems to identify and obtain cyber threat information. – Congressman Lamborn supported this amendment because it would clarify proper interpretation of liability protections.

Amendment No. 9—Rep. Flake (R-AZ): This amendment would add a requirement to include a list of all federal agencies receiving information shared with the federal government to the report from the Inspector General of the Intelligence Community required under the bill. – Congressman Lamborn supported this amendment because the use of an Inspector General is an important privacy protection.

Amendment No. 11—Rep. Pompeo (R-KS): This amendment would clarify that nothing in the bill would alter existing authorities or provide new authority to any federal agency, including Department of Defense, National Security Agency, Department of Homeland Security, or the Intelligence Community to install, employ, or otherwise use cybersecurity systems on private sector networks. – Congressman Lamborn supported this amendment because it would clarify the intended scope of the legislation. 

Amendment No. 12—Rep. Woodall (R-GA):  This amendment would add a provision stating that entities who choose not to participate in the voluntary information sharing authorized by this bill are not subject to new liabilities. – Congressman Lamborn supported this amendment because it would clarify intended scope of the bill.

Amendment No. 14—Rep. Turner (R-OH): This amendment would make a technical correction to definitions in Section 2 (g) to provide consistency with other cyber security policies within the Executive branch and the Department of Defense. – Congressman Lamborn supported this amendment because it would help avoid unintended conflicts in definitions.

# # #